Protect Your Business from Devastating Voice Scams
How a European Bank Saved $5.4m and Reduced the Cost of Vishing Incidents by 38%
Introduction
A large European bank operating in four countries with 40,000+ employees was frequently targeted by voice scams.
They had a cybersecurity awareness program in place, but they were still inundated with complaints from employees and customers, who claimed that the attacks violated their privacy, caused panic, and put them at risk of data breaches.
The company looked into the complaints and discovered that some users didn't report attacks. At the same time, few employees were able to identify the scam and avoid falling for it.
Successful Outcomes
The annual return on investment was around $5.4m
Employees were 92% better at recognizing fake phone calls in the first 6 months.
Employees showed a 60% increase in filing complaints or reporting incidents to those in charge.
The Risk of Inaction
Failure to comply with local and international regulations such as HIPAA, CCPA, NIST, GDPR, PCI DSS, etc., may result in legal sanctions and reputational damage. At this point, restoring client confidence was one of the essential tasks for this bank.
Along with these, there was the risk of productivity and financial loss. Dealing with vishing cases took up a significant amount of time and was costly for the company. Brand damage and the loss of customer trust would also result in additional revenue loss.
Voice scams are sometimes combined with other social engineering attacks, such as smishing or phishing messages, to bypass multi-factor authentication, obtain a one-time password, or get a victim to download malicious attachments, all of which could lead to the illegal sale of sensitive data.
Over and above this, the lack of adequate protection and monitoring of employees who have started working from home has created a separate risk, especially given that they are more open to vishing attacks.
Average Cost of Breach
The average loss per individual | $502
Employees recognizing and reporting Vishing | 62% to 92% in 6 months
The total estimated cost saving is $5.4m annually
Average Cost of Vishing Incident Response:
Avg. time to respond to a Vishing incident | from 18 hours to 7 hours
The average cost of one staff member | $60 per hour
The cost of a single Vishing incident reduced | from $1,080 to $420
The average number of Vishing incidents reported per year | 260
The total estimated cost saving is $171,600 annually (reducing cost from $280,800 to $109,200)
The figures above cover only staff costs; triage is expected to cost more than that and could take up to two weeks to complete, so losses could be higher. For instance, according to a report from CNBC, nearly one in three Americans say they have fallen victim to a phone scam in the past year, with the average reported loss being about $502 per person [1]. Another report from Truecaller estimates that the number of victims seems to be increasing year after year: 68.4 million Americans fell victim to a phone scam in the past 12 months and lost $29.8 billion to scam calls [2].
How Keepnet Stepped In:
Vishing simulation was automated, allowing for a detailed analysis of all employees' risky behaviors, making them aware of these risks, and instilling good reporting habits.
Existing incident response strategies for phone-based attacks were evaluated, gaps identified, and protocols revamped.
Comprehensive employee training modules incorporating behavioral science elements like nudges were introduced.
Employee adherence to security policies was assessed and reinforced with targeted training.
The Threat Sharing policy was overhauled to pre-emptively share critical information with authorities and other e-commerce platforms.
Operational Results
2,500 employees, including newly recruited employees across 211 retail stores in 68 locations, were automatically and continuously trained.
Employees successfully identified a voice scam with an 80% success rate during vishing campaigns within 90 days.
The incident reporting and follow-up mechanism was drastically improved with new policies and procedures implemented.
Employee stress and anxiety levels were significantly reduced.
Strategic Results
The total estimated annual cost saving is an impressive $30,000.
Teknosa substantially reduced potential regulatory risks, gaining renewed confidence in its long-term compliance strategy.
The company implemented robust vishing security procedures and established a clear vishing incident response playbook.
“We recognized the need to improve our cybersecurity awareness program and protect employees from devastating voice scams. By implementing vishing simulations and enhancing our processes, we increased our control over vishing attacks and eliminated them 12 times faster. Our employees showed a 92% improvement in recognizing fake phone calls.”