Groupe Partnaire

A crucial issue

Groupe Partnaire is a leading French human resources company : interim, recruiting, training, contractor agency, management of change. The Groupe is engaged in a global process of innovation and digitalization. In spite of this, its employees still have to deal with a lot of attachments, especially received via email, in their day-to-day work. 

As such, the company faces both risks of ransomware attacks (often deployed through malicious attachments) or of data breaches, should internal or external data be leaked. 

In this context, creating an internal cybersecurity culture, teaching employees how to detect different types of phishing attacks and reporting rapidly and efficiently any suspicious emails was paramount, especially since Partnaire’s IT department had noticed an increase in the frequency and sophistication of phishing attacks. 

We caught up with Jean-Martial Sabot, Groupe Partnaire’s Head of IT, in order to ask him how the employees were developing their phishing-detection skills. 

A 100% automated engine

Jean-Martial told us that he greatly appreciates that the engine runs in a fully automated way, which decreases the time he and his teams have to spend on the topic. He likes that the engine “runs on its own” and “teaches employees all by itself” about phishing risk thanks to a variety of simulations. “I can’t stress enough how much time this has saved us” he says, “we would never have been able to run the volume of simulations if it had required manual input”. 

Jean-Martial also highlighted how quick it was to set up Mantra’s engine at Partnaire. With only a few manual steps, the entire thing was up and running in less than 20 minutes.

Training employees for the phishing and spear-phishing threats they face 

Partnaire was recently the target of a large-scale phishing attack that sent over 20,000 emails. While after a few moments these were blocked by the spam filter (as is the case with such very basic attacks), a few got through and they were successfully reported by employees. 

But the main threat remains spear-phishing which is one of the reasons why Jean-Martial chose Mantra in the first place : the engine sends varied simulations to each employee based on role, department and software used and also changes the scenarios and payloads. So far this has proved very useful to train users in real-life conditions and ready them for further, more dangerous, attacks.

Jean-Martial also credited the dashboard and very clear reporting and analytics with allowing the admins to identify the people who are having the most difficulties and taking the necessary steps (such as dedicated one-on-one training) to help them progress.  

Developing a threat-reporting culture

Reporting of phishing attacks has increased drastically since the deployment of Mantra’s engine, increasing from 1-3 per week to 1-3 per day, a 5-time increase that highlights how Partnaire’s users are both growing used to the threat reporting feature of Mantra’s engine and becoming better prepared at detecting phishing attacks. 

Partnaire’s click rate is also decreasing. The simulations are on track to decrease the overall click rate by 70%. Jean-Martial believes that the frequency of the simulations is a key component in ensuring that Partnaire’s users develop lasting habits and that this issue “requires training on a long-term basis”. 

Partnering with Mantra

Partnaire initially picked Mantra due to the quality and variety of simulations its engine sends in a tailored manner to Partnaire’s employees, as well as because of the automation of the process, the ease of deployment, and the gamification feature. 

Moreover, Partnaire was also sold by Mantra’s capacity to innovate in its approach to helping companies protect against phishing attacks, as well as by the new features currently being developed. 

Asked how he would grade Mantra’s solution out of 10, Jean-Martial says it’s “at least a 9” and that he would definitely recommend the simulation engine to other companies facing similar cyber risks.