Keepnet Labs Logo
Menu
HOME > case studies > securing retail operations

Boosting Quishing Awareness 91% Success

Learn how a major retail company secured its business against phishing threats, ensuring customer trust and securing financial transactions.

Case Study: Mitigating the Risk of Phishing Attacks

Introduction

A leading US-based retail company operated over 6,000 stores in 25 countries, employing approximately 27,000 people. The company integrated QR codes to connect offline and online shopping experiences, placing them alongside products, on payment kiosks, at storefronts, and on product packaging.

This strategy, however, introduced the threat of QR code phishing. With a large workforce, equipping employees to recognize and respond to these threats was essential.

The company looked for a security awareness training vendor capable of stopping QR phishing attacks. Keepnet was selected based on its inclusive security awareness approach, combining advanced technical defenses with a strong focus on employee training and awareness. 

Successful Outcomes

  • Saved $89.500 per year from incident handling processes.

  • Prevented a $1,897,560 potential loss annually.

  • Improved their ability to recognize QR phishing by 91% in a year.

  • Reduced human risk score from 45% to 80%.

  • Increased training success from 57% to 94%.

Impact of QR Phishing Attacks

QR code phishing attacks pose substantial risks, considering the company's extensive international presence and the responsibility of managing human risk, which accounts for 95% of all cybersecurity incidents.

  • Legal Compliance Risks: Inadequate training of employees in recognizing and responding to QR code phishing attacks could lead to legal penalties and actions. This situation demands rigorous and consistent cybersecurity training.

  • Financial impact: QR code phishing attacks can lead to data breaches and potentially result in ransom demands. These incidents incur costs regarding incident response and mitigation and can lead to substantial financial losses.

  • Reputation at stake: Keeping customer trust is essential for a large brand. Any compromise in data integrity due to phishing attacks can severely damage the company's reputation among customers, employees, and business partners.

  • Operational disruptions: Responding to QR code phishing attacks requires significant resources and can disrupt regular business operations.

“In our retail operations, QR code usage was a top priority. Partnering with Keepnet Labs has been a strategic move to strengthen our defenses against QR code phishing. We focus on equipping our 27,000 employees across 6,000 stores with the necessary skills to identify and prevent these threats, ensuring our customers' safety and our brand's integrity."

- Noah Martin, CISO at US-based Retail Business

Potential Loss Prevented

The average loss per individual

$502

Employees recognizing and reporting Quishing

from 77% to 88% in 1 year

The total potential loss prevented: $1,897,560 annually

Cost Saved From Incident Response

Avg. time to respond to a QR Code Phishing incident

from 6 hours to 2 minutes

The average cost of one staff

$60 per hour

The cost of a single Phishing incident reduced

from $360 to $2

The average number of Phishing incidents reported per year

250

The total estimated cost savings are $89,500 annually

(reducing the cost from $90.000 to $500).

How the Company Reduced QR Phishing Attacks

  • Implemented QR code phishing simulations to assess and improve employees' readiness against QR code phishing, providing practical, hands-on experience.

  • Developed and executed a focused security awareness training program specifically targeting QR code phishing attacks.

  • Utilized expert consultation to stay ahead of emerging threats and create effective phishing campaigns.

  • Enhanced the reporting culture by training employees on proper reporting mechanisms and providing phishing reporting tools, enabling swift incident response.

  • Ensured regulatory compliance through regular phishing tests and training sessions, minimizing legal risks.

  • Adopted behavior-based automated security training, monitoring employee cybersecurity actions and sending targeted training for specific misbehaviors.

Operational Results

  • Trained 27,000 employees worldwide, boosting security awareness.

  • Improved risk score from 45% to 80%, strengthening cybersecurity posture.

  • Reduced human risk score from 80% to 45%, strengthening cybersecurity posture.

  • Achieved a 91% success rate in identifying and reporting phishing attempts.

  • Increased training success from 57% to 94%, demonstrating effective training methods.

Strategic Results

  • Saved $89,500 from the incident handling process per year.

  • Prevented a $1,897,560 potential loss annually.

  • Ensured adherence to cybersecurity regulations, enhancing organizational reassurance.

  • Improved cybersecurity defenses through an effective incident response plan.

Schedule your 30-minute demo now

You'll learn how to:
tickCreate effective quishing campaigns to improve threat response skills.
tickCustomize quishing templates to suit your business needs and enhance awareness.
tickTrack user behaviors and generate quishing risk scores to benchmark your industry performance.

Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.
iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate