At a glance
The City of Edinburgh Council chose integrated cloud email security solution Egress Defend to eliminate the advanced phishing threats that were going undetected by Microsoft 365 and their secure email gateway.
The council now leverages Defend’s AI powered detection capabilities to identify and neutralize advanced phishing attacks, with dynamic contextual banners alerting users to risk and enhancing security awareness training.
The City of Edinburgh Council's need to improve phishing detection and employee awareness
Providing a range of public services to approximately half a million citizens, The City of Edinburgh Council needs the right security defenses in place to protect their systems and data from sophisticated cyber threats.
“With a workforce of nearly 8,000 corporate employees, it’s inevitable we encounter varying levels of technical abilities and security awareness,” explains Mark Burtenshaw, ICT Manager for Security and Compliance at The City of Edinburgh Council. “Given this, our top concern lies with phishing attacks that don’t use traditional payloads, such as advanced spear phishing emails targeted at our top executives and VIPs. Ensuring our employees can identify this type of sophisticated threat is vital for our security strategy.”
With phishing threats constantly evolving and having noted the devastating impact on other local authorities in the UK, the security team at The City of Edinburgh Council became aware of a gap in their email security tech stack.
“Too many advanced phishing threats were getting past Microsoft 365’s native defenses and our secure email gateway (SEG),” states Mark. “We needed to implement an intelligent anti-phishing solution that could detect advanced attacks, while remaining user-friendly for employees of differing technical abilities.
Intelligently detecting threats that bypass Microsoft 365
Following a successful pilot, in August 2023 The City of Edinburgh Council rolled out Egress Defend across all 8,000 users to identify and neutralize advanced threats that were bypassing Microsoft 365 and their SEG.
Seamlessly integrating with Microsoft 365, Defend harnesses pre-generative and zero-trust detection models, as well as linguistic, contextual, and behavioral analysis, to identify advanced inbound threats. Inspecting every inbound email, Defend displays dynamic heat-based banners that alert users to risk, providing easy-tounderstand advice that supports security awareness training without creating user friction.
“Defend’s banners are incredibly intuitive,” says Mark. “They give our users clear advice that we couldn’t get from our existing email security tools, and have noticeably improved employees’ resilience to phishing attacks.”
In addition, Mark and the team found that Defend has had a positive impact on their internal phishing simulation campaigns. Mark elaborates: “The banners have dramatically increased employees’ everyday vigilance to phishing attacks. They receive real-time nudges based on threats that are targeting them – providing in-the-moment training that enhances their security awareness. As a result, we have seen a dramatic decrease in the number of employees interacting with our phishing simulations.”
“The banners have also dramatically increased employees’ everyday vigilance to phishing attacks.”
Mark Burtenshaw, ICT Manager Security and Compliance, The City of Edinburgh Council
Defend now detecting 98% more attacks
Data taken from Defend for a 90-day period shows that a staggering 98% of phishing attacks targeting the council had bypassed Microsoft 365 and SEG detection, and were identified and neutralized by Defend. Of the attacks that evaded Microsoft’s native detection, 42% came from compromised accounts, 24% used advanced obfuscation techniques, and 49% carried a phishing hyperlink as their payload.
“Defend’s value is proven every day in the statistics shown in its threat intelligence dashboard,” Mark states “Before we implemented Defend, Microsoft 365 and our SEG were only catching 2% of attacks targeting the council – which was something that kept the security team up at night! With Defend in place, not only can the team quickly respond to known attacks with Defend’s remediation capabilities, but I can rest easy knowing employees aren’t able to interact with advanced phishing threats.”
The team at The City of Edinburgh Council were also impressed with the ongoing product innovation. “It’s clear that Egress is continuously evolving,” explains Mark, “Not only is the product always improving over time through its self-learning technology, but unlike other vendors I’ve worked with in the past, new developments are consistently being made available to customers.”
With a view to implementing the entire Intelligent Email Security platform to include outbound email protection and encryption, Mark concludes: “It’s a game-changing improvement on any email security tool we’ve implemented with Microsoft 365 – and now I can’t imagine going back.”