At a glance
To protect patient data and avoid system compromise, East of England Ambulance Service (EEAST) wanted to neutralize attacks getting through Microsoft 365’s native defenses.
EEAST now uses Egress Defend’s AI-powered detection capabilities and real-time teachable moments to eliminate phishing risk and improve employees’ security awareness.
Targeted phishing attacks threatening patient safety
The East of England Ambulance Service (EEAST) assists approximately seven million patients across six counties, so it is crucial to prevent busy healthcare professionals from interacting with phishing attacks that could compromise the entire system.
“In keeping with most public services in the NHS, we deal with stretched workforces,” explains Dean Ayres, Head of Information Governance and Security at EEAST. “With this came concerns that too many phishing emails were slipping through Microsoft 365’s native defenses and landing in preoccupied users’ inboxes. In particular, we were worried about advanced attacks, such as those containing ransomware, that could put sensitive patient data at risk or even shut down the service, risking lives.”
Consequently, Dean and the team at EEAST recognized the need for an anti-phishing solution that could enhance their defenses in Microsoft 365, while also helping them identify their riskiest users.
Detecting the threats that get through Microsoft's native defenses
Following a successful solution evaluation in 2022 that caught 65 phishing emails that had bypassed their native defenses in the first 72 hours, EEAST implemented Egress Defend to supplement their native security capabilities.
Seamlessly integrating with Microsoft 365, Defend uses AI, including pregenerative and zero-trust models, to detect advanced inbound threats. Inspecting every email before it lands in a user’s inbox, Defend utilizes linguistic, contextual, and behavioral analysis to identify threats, including zero-day and emerging attacks. Additionally, Defend uses dynamic heat-based banners to alert users to risk, providing in-the-moment training to enhance security awareness for even the busiest of employees.
“Users are really responsive to the banners and stop to pay attention to red or amber warnings,” says Stephen Bromhall, Chief Digital Information Officer at EEAST. “Even for employees who are on the go, mobile banners make it extremely clear if an email is malicious, whether that’s a suspicious link, unauthorized domain, or even socially engineered attacks without a traditional payload.”
In addition, EEAST was excited about Egress’ human risk management dashboard, which provides an aggregated human risk score for each individual user based on Egress product telemetry, data from products within the organization’s cybersecurity ecosystem, open-source intelligence (OSINT), and user behavior.
Dean explains: “With the introduction of human risk management, we now have a holistic view of our riskiest users hour by hour, taking into account real-life data from the Egress platform, individual intrinsic risk, and OSINT.”
Enabling competitive innovation and protecting corporate information
In a 90-day period, Egress identified numerous highly sophisticated threats that Microsoft 365 missed, including over 380 attacks from compromised accounts and more than 510 phishing attempts carrying a suspicious link that had bypassed signature-based detection.
“The technology gives us the reassurance that we’re ahead of the threat actors,” states Stephen. “Once we put Defend in, we couldn’t risk taking it out.”
Additionally, Egress saves the EEAST team considerable resources when analyzing and reporting on risk. “We’re particularly impressed with the administration capabilities,” Dean explains. “I used to spend hours configuring rules and monitoring quarantines, but this is no longer the case. The admin page gives us the ability to have all the threat intelligence we need in one place, quickly and simply, as well as remediation capabilities – ultimately allowing better peace of mind and time back in my day.”
“If we didn’t put Egress in place and we got hit by a ransomware attack, the ambulance service would cease to function, and it would have a real, human, cost,” concludes Stephen. “Therefore, I see Egress as a partner, helping us to provide clinical care to citizens that need us, when they need us.”