Boosting Quishing Awareness 91% Success
Learn how Keepnet protects a global retailer from QR phishing attacks, saving costs and enhancing the organization's security culture.
![Case Study: Mitigating the Risk of Phishing Attacks](https://keepnetlabs.com/quishing-case-study-img.webp)
Introduction
A leading US-based retail company operated over 6,000 stores in 25 countries, employing approximately 27,000 people. The company integrated QR codes to connect offline and online shopping experiences, placing them alongside products, on payment kiosks, at storefronts, and on product packaging.
This strategy, however, introduced the threat of QR code phishing. With a large workforce, equipping employees to recognize and respond to these threats was essential.
The company looked for a security awareness training vendor capable of stopping QR phishing attacks. Keepnet was selected based on its inclusive security awareness approach, combining advanced technical defenses with a strong focus on employee training and awareness.
Successful Outcomes
Saved $89.500 per year from incident handling processes.
Prevented a $1,897,560 potential loss annually.
Improved their ability to recognize QR phishing by 91% in a year.
Reduced human risk score from 45% to 80%.
Increased training success from 57% to 94%.
Impact of QR Phishing Attacks
QR code phishing attacks pose substantial risks, considering the company's extensive international presence and the responsibility of managing human risk, which accounts for 95% of all cybersecurity incidents.
Legal Compliance Risks: Inadequate training of employees in recognizing and responding to QR code phishing attacks could lead to legal penalties and actions. This situation demands rigorous and consistent cybersecurity training.
Financial impact: QR code phishing attacks can lead to data breaches and potentially result in ransom demands. These incidents incur costs regarding incident response and mitigation and can lead to substantial financial losses.
Reputation at stake: Keeping customer trust is essential for a large brand. Any compromise in data integrity due to phishing attacks can severely damage the company's reputation among customers, employees, and business partners.
Operational disruptions: Responding to QR code phishing attacks requires significant resources and can disrupt regular business operations.
Potential Loss Prevented
The average loss per individual | $502 |
Employees recognizing and reporting Quishing | from 77% to 88% in 1 year |
The total potential loss prevented: $1,897,560 annually |
Cost Saved From Incident Response
Avg. time to respond to a QR Code Phishing incident | from 6 hours to 2 minutes |
The average cost of one staff | $60 per hour |
The cost of a single Phishing incident reduced | from $360 to $2 |
The average number of Phishing incidents reported per year | 250 |
The total estimated cost savings are $89,500 annually (reducing the cost from $90.000 to $500). |
How Keepnet Stepped In:
QR Code Phishing Simulation: Keepnet introduced QR code phishing simulations to assess and improve the employees' readiness against QR code phishing attacks. The QR phishing simulator provided practical, hands-on experience, enabling employees to better recognize QR code phishing attacks.
Focused Security Awareness Training: Keepnet implemented a targeted security awareness training program to address QR code phishing attacks.
Expert Consultation: Keepnet provided the company with ongoing consultation, offering insights into emerging threats and assisting in creating targeted phishing campaigns.
Strengthened Reporting Culture: Keepnet trained the company's employees in proper reporting mechanisms and provided phishing reporting add-ins to employees. This empowered staff to report any suspicious activities promptly, enabling swift incident response and resolution.
Ensuring Regulatory Compliance: The regular simulated phishing tests and security awareness training sessions conducted by Keepnet ensured that the company remained compliant with relevant cybersecurity regulations. This compliance minimized the risk of penalties and legal consequences associated with regulatory breaches.
Behavior-Based Automated Security Training: Keepnet' system is designed to monitor closely how employees handle cybersecurity. If it spots any wrong actions, it automatically sends that person specific training. This training focuses on the exact mistakes they made.
Operational Results
Trained 27,000 employees worldwide, boosting security awareness.
Improved risk score from 45% to 80%, strengthening cybersecurity posture.
Reduced human risk score from 80% to 45%, strengthening cybersecurity posture.
Achieved a 91% success rate in identifying and reporting phishing attempts.
Increased training success from 57% to 94%, demonstrating effective training methods.
Strategic Results
Saved $89,500 from the incident handling process per year.
Prevented a $1,897,560 potential loss annually.
Ensured adherence to cybersecurity regulations, enhancing organizational reassurance.
Improved cybersecurity defenses through an effective incident response plan.
“In our retail operations, QR code usage was a top priority. Partnering with Keepnet Labs has been a strategic move to strengthen our defenses against QR code phishing. We focus on equipping our 27,000 employees across 6,000 stores with the necessary skills to identify and prevent these threats, ensuring our customers' safety and our brand's integrity."