Part of the fast-growing facilities management company Vertas Group, Concertus Design and Property Consultants operates multi-disciplinary teams that provide end-to-end management of construction projects from feasibility stage to design through to completion. A member of the Concertus leadership team, Associate Director for IT Jonathan Burl is responsible for the organization’s technology estate, including cybersecurity. Recognizing that people represent their biggest risk, Jonathan engaged cybersecurity experts Spear Shield to evaluate their current strategy and provide specialist advice to improve their defenses.
The challenge: Detecting and preventing credential harvesting and data loss to protect brand reputation
“We already had the default, out-of-the-box Exchange Online Protection (EOP) controls deployed in Microsoft 365, but we were aware that advanced phishing attacks are engineered to get through them,” explains Jonathan. “At the same time, we wanted to make sure that we could stop incidents occurring in outbound communications that were caused by human error. Spear Shield act as our trusted cybersecurity advisers, so we contacted them to find out what they recommended.”
Jonathan and his team were concerned by impersonation attacks targeting Concertus employees that looked to harvest their credentials. These are predominantly phishing attacks sent from compromised supply chain accounts that can bypass traditional reputation-based detection techniques and appear highly credible to the recipient.
The Concertus team also recognized the importance of a holistic email security strategy that prioritizes outbound data loss prevention. Most outbound incidents are caused by human error, and the team wanted to ensure they had technology in place that could detect misdirected emails and provide granular risk reporting.
“Ultimately, our reputation is everything,” states Jonathan. “By prioritizing our email security, we protect our people and our customers, which then protects our relationships and our reputation.”
"We already had the default, out-of-the-box EOP controls deployed in Microsoft 365, but we were aware that advanced phishing attacks are engineered to get through them."
Jonathan Burl, Associate Director for IT, Concertus
The solution: Intelligent inbound and outbound email security integrated into Microsoft 365
In October 2022, the Concertus team spoke with Spear Shield about enhancing their email security. “We conducted an in-depth phishing simulation exercise with Spear Shield, who provided us with a comprehensive report,” continues Jonathan. “While our simulation results were above average, Spear Shield offered strategic advice about the ways we could move to the next level. We subsequently trialled Egress Intelligent Email Security.”
A single product suite, Egress Intelligent Email Security provides both inbound and outbound threat detection. Egress Defend uses AI models, including natural language processing (NLP) and natural language understanding (NLU), to detect the advanced phishing attacks that get through native cloud email security. Egress Prevent, meanwhile, uses machine learning to understand each employee’s behavior to determine whether they are emailing the right content to the correct recipients. When deployed alongside Egress Protect, the solution also automates the encryption of sensitive data for complete outbound email security.
“By working with Spear Shield to deploy the full Egress Intelligent Email Security platform, we simultaneously enhanced both our inbound and outbound defenses,” says Jonathan. “It’s fantastic to work with a single provider that can do both. Spear Shield and Egress made the process incredibly easy and collaborative.”
"We knew from working with Spear Shield and Egress to trial the software that the solutions are fast and simple to deploy – we were up and running in just 30 minutes. In both the trial and the full deployment, they’ve really proven their value."
Jonathan Burl, Associate Director for IT, Concertus
The benefits: Email security that acts as an enabler, not a blocker
“We knew from working with Spear Shield and Egress to trial the software that the solutions are fast and simple to deploy – we were up and running in just 30 minutes!” explains Jonathan. “In both the trial and the full deployment, they’ve really proven their value.” Not only does Intelligent Email Security assure enhanced detection and prevention capability, Concertus also benefits from increased visibility for risks and threats. Using the Egress Security Center, Jonathan and his team can gain insight into the phishing threats targeting the organization, as well as the outbound human error incidents detected.
“It’s not just the IT team who are delighted with the solution, our colleagues are as well,” says Jonathan. “I’ve had lots of very positive feedback from people, who appreciate that Egress helps them work as effectively and securely as possible. IT sometimes has a reputation for being a productivity blocker, but thanks to Spear Shield’s recommendations, it is genuinely seen as an enabler. People particularly enjoy Egress’ dynamic banners and prompts, which act as safety nets to keep them protected.”
Both Defend and Prevent use real-time teachable moments to augment security awareness through dynamic banners and prompts that are proactively delivered at the point of risk. “I’m delighted with the consultancy and advice we’ve received from Spear Shield and the products we’ve deployed from Egress,” concludes Jonathan. “We’re now providing greater security and assurance to our colleagues and customers, making us more competitive and enhancing our employer brand. We’re now evaluating Defend at a group level. I’m excited to see where our relationships with Spear Shield and Egress will go next.”