The challenges
Relying on self-reporting limited NHS Dorset ICB’s ability to fully understand the scale of outbound email challenges.
Phishing attacks leading to compromised accounts posed the highest information security risk, allowing cybercriminals to launch internal attacks.
They required a holistic email security platform that could address both inbound and outbound threats and provide real-time risk oversight.
Hiding in plain sight: how self-reporting masks critical threats
Bridging the gap between health and social care, NHS Dorset ICB (NHS Dorset) handles a delicate combination of sensitive business and patient data. It is therefore imperative that they uphold informational integrity and confidentiality when communicating by email.
Despite fostering a strong culture of self-reporting misdirected emails and attachments, Duncan Pike, Information Security Manager of NHS Dorset, notes: “Ultimately, mistakes happen – whether it’s sending information to the wrong recipient or even failing to recognize an error has been made. However, our reliance on hand-raising left us unable to fully grasp the scale of our outbound email challenges.”
Additionally, Duncan identified inbound attacks as the organization’s most significant information security risk, with particular concern surrounding compromised accounts stemming from phishing emails. The attacks would often include malicious links that would direct the recipient to convincing credential harvesting sites, giving cybercriminals the tools to deliver sophisticated attacks to other employees from within the organization.
Duncan states: “As a result, we began searching for an email security platform capable of mitigating both inbound and outbound threats, while providing us with real-time oversight of the risks within the business and identifying our most vulnerable employees.”
Turning threats into teachable moments with Egress
Familiar with Egress, a KnowBe4 company, through its widespread use within the public sector, NHS Dorset deployed the Egress Intelligent Email Security suite across 600 users.
Comprised of Egress Defend, Egress Prevent, and Egress Protect, the platform seamlessly integrates with Microsoft 365, utilizing AI models and an adaptive security architecture to detect and respond to threats, as well as providing real-time nudges to alert users before security incidents can occur.
During their evaluation, NHS Dorset was especially impressed by Defend’s configurability to automatically quarantine specific phishing emails, while using color-coded banners within the inbox for in-the-moment coaching on other neutralized threats. Duncan states: “Egress provides us with the perfect balance of security and user education, without disrupting business continuity.”
Duncan adds: “We also appreciate how intuitive Prevent and Protect are for users, offering a moment to reflect on whether they’re sending the right information to the right recipient with the necessary protection. Protect also brings the advantage of seamless, automatically decrypted communication with numerous NHS bodies.”
“Egress runs itself and everything just works. With it in place, we can focus on higher priority tasks, knowing our email security is managed efficiently and effectively.”
Duncan Pike, Information Security Manager, NHS Dorset
Egress clears threats from NHS Dorset's risk register
In a 90-day period, 3,948 potential phishing attacks bypassed Microsoft’s security defenses and were neutralized by Defend. Of these, 1,164 were classified as dangerous phishing attempts and sent to quarantine, while the remaining suspicious threats were flagged with dynamic banners.
In addition, Duncan noted a 68% decrease in security cases raised by employees. “The combination of intelligent detection and enhanced reporting has significantly cut down on the need for hand-raising within the organization. With Egress’ analytics, we know exactly where to allocate our resources and spend far less time investigating inaccurate self-reported incidents.” This shift to proactive threat detection and response not only enhances NHS Dorset’s operational efficiency but also strengthens their compliance efforts.
The Human Risk Management Dashboard is a valuable tool for NHS Dorset. “It gives us early insight into how vulnerable certain inboxes are to targeted attacks. For instance, we now know one of our publicly posted mailboxes is 22% more likely to be targeted by phishing than others,” Duncan explains.
Duncan concludes: “Egress runs itself, and everything just works. With it in place, we can focus on higher-priority tasks, knowing our email security is managed efficiently and effectively, without constant intervention.