Greater Manchester Mental Health (GMMH), an NHS foundation trust in Northwest England, is one of the largest specialist mental health providers in the UK. GMMH employs approximately 8,000 people across multiple sites and as satellite remote workers, who use email to communicate with other healthcare professionals, patients, and suppliers. As email is the most common channel for cyberattacks, email security is a top priority for GMMH to ensure they have the right defenses in place to protect busy healthcare professionals.
The challenge: Enhancing email defenses without impacting clinical efficiency
Kevin Orritt, Cyber Security Manager at GMMH, explains: “The majority of our employees are clinical-focused individuals who prioritize patient care and are not necessarily IT experts. We need to ensure we have the right defenses in place to protect them from the broad spectrum of phishing threats they face, without distracting them from their day-to-day work.”
Like most healthcare organizations, GMMH has migrated to Microsoft 365 and uses Exchange Online Protection (EOP) as an initial layer in their anti-phishing defenses. “We recognized that one layer is not enough to detect and neutralize the numerous advanced phishing threats targeting GMMH,” states Kevin. “We therefore wanted to increase our technical defenses and, at the same time, find a solution that could reinforce our security training, as employees were becoming desensitized to the same static banners that were being displayed on every phishing email by EOP.”
In particular, GMMH identified that they were at risk from attacks that contain new or emerging payloads not yet listed in EOP’s definitions libraries, as well as phishing emails that don’t contain a ‘traditional’ payload, such as impersonation-based business email compromise (BEC) attacks requesting fraudulent changes to payroll. There was also a risk of phishing emails sent from compromised legitimate email accounts within their supply chain.
"We recognized that one layer is not enough to detect and neutralize the numerous advanced phishing threats targeting GMMH's day-to-day work."
Kevin Orritt, Cyber Security Manager, GMMH
The solution: Intelligent anti-phishing in Microsoft 365 that reinforces security training
GMMH contacted Egress and Softcat, a leading provider of IT technology solutions and services, that works with GMMH on strategic projects and implementations across their estate. Softcat’s large Public Sector framework presence also allows for a simple and efficient/compliant way for GMMH to work with them. Following initial discussions, GMMH trialed intelligent anti-phishing solution, Egress Defend.
“The Defend trial was very easy to set up,” explains Kevin. “We onboarded approximately 100 users from within our IT team very quickly and, as the software is user-friendly and intuitive, everything went smoothly and we only received positive feedback. As a result, we were ready for a ‘big bang’ launch to our entire employee base within two months.”
While evaluating Defend, the team spoke with a current Egress customer about their experience. “They were incredibly positive about their experience using Egress – so much so that based on their recommendation, we subsequently evaluated and invested in Egress Prevent, which we’re about to deploy!” Prevent uses machine learning technology to detect human error, such as misdirected emails and file attachments, and data exfiltration to enhance outbound email security.
In addition to detecting the advanced phishing threats that get through existing defenses, the GMMH team was also impressed by Defend’s dynamic anti-phishing banners, compared to the static ones previously implemented. Using a heat-based warning system, the banners change color depending on the level of risk detected and provide informative target messages, making them highly engaging to end users.
“Egress Defend not only provides an additional layer of defense but also supplements our security awareness training,” says Kevin. “Defend's clickable banners allow employees to learn about the threats they face without adding to their heavy load of mandatory training. By presenting them with constant reminders, employees continuously develop their cybersecurity awareness.”
"Egress Defend not only provides an additional layer of defense but also supplements our security awareness training. Defend’s clickable banners allow employees to … continuously develop their cybersecurity awareness."
Kevin Orritt, Cyber Security Manager, GMMH
The results: Improved phishing detection and employee awareness, while reducing administrative overheads
After an initial light-touch internal communications campaign, deploying and managing Defend has proven to be a seamless process for GMMH. The team was particularly impressed with the technical expertise and approachability of the Egress and Softcat teams during the implementation.
“We’re really pleased with the implementation of Defend,” continues Kevin. “The Egress Security Center shows that we’re now detecting a broader range of advanced phishing threats, including BEC and impersonation attacks. Defend is intuitive and easy to use, which meant GMMH’s employees could benefit from it immediately, and it makes life easier for our administrators. You always expect helpdesk calls when you roll out new software – but Egress bucked the trend, and we didn’t receive a single ticket! We’ve only had positive feedback from end users, and our Information Governance team is now keen to get Prevent deployed to see the benefits to our outbound email security. Both the Egress and Softcat teams made the process incredibly collaborative, and I look forward to continuing to work with them on this and future projects.”