Email Security Case Study: United International Pictures

The challenge of increasingly sophisticated phishing campaigns

Since 1981, United International Pictures (UIP) has distributed more than 1,000 films under licence, all around the world. As a key player in the movie industry, it has been responsible for more than 100 Academy Award® winners.

One of the biggest threats to their data is phishing. In recent years, phishing campaigns have become extremely sophisticated, making it increasingly difficult for busy or distracted employees to differentiate these from the real deal.

Whilst these kinds of emails have been around a while, there appears to be no sign of them abating and UIP wanted to enhance its protection against phishing campaigns.
Previously, UIP had been reliant on SPF Filters to protect against phishing campaigns. However, with over 250 staff, it was clear that the real front line against phishing campaigns was the organisation’s IT users themselves.

In 2018, the GDPR came into effect; the latest addition to a plethora of data protection legislation, shifting the burden of responsibility for the protection of data to companies. This brought the protection of data to the attention of many organisations.

The regular training sessions to educate staff based in offices around the world about the risks and tell-tale signs of phishing emails, were no longer enough. They wanted to take their defence one step further.

Finding a phishing defence solution to liberate the workforce

UIP didn’t feel that its employees needed to be constantly questioning the authenticity of emails landing in their inbox. It wanted its employees to be able to concentrate on what is important.
By removing the pressure on IT users to determine authentic emails from phishing campaigns, UIP felt it could be confident that it had done all it could to protect against these malicious emails that put its systems, data and the personal information of their staff, at risk. By enhancing its protective measures, it could also reduce the risk of being landed with the hefty financial penalties that can accompany a data breach.

UIP first met HANDD at an industry event in July 2019, at which UIP’s needs were discussed. HANDD’s consultants, with their extensive knowledge of the data security marketplace, recommended Agari Phishing Defense™.

Agari is the market share leader in phishing defence solutions for the enterprise. Agari ensures outbound email from the enterprise cannot be spoofed, increasing deliverability and preserving brand integrity. HANDD and their partner, Agari, were able to arrange regular calls between themselves and UIP throughout the deployment process. With this expertise available, HANDD could ensure that UIP would get the most out of its new software and, together, HANDD, Agari and UIP could ensure its introduction was seamless and effective.

The Solution: Seamlessly introducing game-changing technology

Agari Phishing Defense uses AI and ML to identify and quarantine suspicious emails. By combining identity mapping, behaviour analytics and trust modelling, Agari Phishing Defense minimises the false positives, effectively protecting against genuine threats to IT security. It intercepts phishing campaigns from outside the business, inside the business and between employees, allowing users to have confidence in the authenticity of the contents in their inbox.

Agari is due to be rolled out to the whole UIP business in Autumn 2020, but from initial testing, Don Gasparavicius, Information Security Manager, feels that the new software will help it to keep its systems secure. He said “I’m confident that Agari will help us reduce the amount of phishing emails that come through. Removing the reliance on human element in the decision-making process makes it a better solution for both the users and for the organisation.

With direct access to an Agari technician, HANDD’s Account Manager and Solutions Architects, the roll-out of the Agari Phishing Defense will be a relatively fast process. However, fine-tuning the platform to deliver the automated approach to effective email screening could take up to six months.

Agari Phishing Defense doesn’t affect the user workflow, but as the integration approaches completion, UIP staff will be made aware of the changes and given an opportunity to ask questions on how the system works to enhance acceptance.

So far, the biggest challenge has been deciding where to draw the line on the emails to be filtered – which means determining what emails should be intercepted and whether Agari Phishing Defense should be used for spam addresses, or reserved only for genuine threats to the business and its users only.