Customer Success Story

The Background

Phishing attacks can severely impact a manufacturer‘s business and even paralyze the entire production. Lost profits are the consequence, and in addition, customer confidence decreases and competitiveness declines.

Kirchhoff & Lehr, a specialist in profiling technology known throughout Europe, cannot afford such failures. With more than 110 employees, the company produces cold-rolled sections for numerous applications at its Arnsdorf site, including the automotive industry, electrical engineering, plumbing, door systems and drywall construction. In addition to this broad product range, Kirchhoff & Lehr has made a name for itself through high quality standards, delivery reliability, value for money and profiles tailored precisely to customer requirements. This is also reflected in the IATF certification, which attests to the company‘s high level of quality as an automotive supplier.

Robert Batz
Head of IT – Kirchhoff & Lehr GmbH

The Challenge

Although Kirchhoff & Lehr – like many other companies – had faced Phishing before, the number of fake emails skyrocketed during the Corona crisis. For example, many cybercriminals used the fear of the virus to trick their victims into opening malicious links or attachments. Others lured users to mock websites to grab their log-in credentials.

„With the mass of daily (Spear)-Phishing-Mails, the danger increased that not all of them could be intercepted by the IT department, but would break through all IT protection mechanisms,“ recalls Robert Batz, Head of IT at Kirchhoff & Lehr. „Therefore, we sought external support to raise awareness among the workforce about Phishing attacks and IT security.“

After a one-month test run with IT-Seal‘s Security Awareness Trainings, it was clear to those in charge: these trainings should become a permanent feature for employees in the Administration. This is mainly due to the Spear-Phishing-Simulations, which offer a high educational and didactic benefit.

The Solution

Information Campaign For Employees

Before the Awareness Training sessions started, employees were informed in detail about them in accordance with data protection regulations and asked for their consent.

„Then, in close cooperation with IT-Seal, we selected suitable Phishing scenarios so that we could tailor the training e-mails specifically to the individual administrative employees,“ reports IT Manager Robert Batz.

Kirchhoff & Lehr‘s organizational chart provided valuable support, as it depicted the relationships between and within departments.

Phishing-Simulations and Report Button

Since early 2022, IT-Seal has been sending employees regular fake Spear-Phishing-Mails purporting to be from their supervisors, coworkers, colleagues or outside agencies. If an employee falls for a simulated Phishing attack, they land directly on an interactive explanation page that gives them clues about suspicious features: whether it‘s misspelled letters in the address line, fake subdomains or dubious links. IT-Seal provides employees with supplementary e-learning via the „Security Hub“ learning platform.

In addition, the IT-Seal Reporter Button, which is directly integrated into Microsoft Outlook, trains employees‘ Security Awareness. If a user is unsure whether a received email is fake, he or she can forward it to the IT department for technical review at the touch of a button. Depending on this, the mail is blocked or released there.

Successful Awareness Training

Great Learning Progress Measurable

After just a few months, employees have made significant progress in recognizing Spear-Phishing-Attacks. This can be measured with the patented Employee Security Index (ESI®) from IT-Seal. It provides a metric for determining the security behavior of employees and is calculated based on how they respond to simulated Phishing-Mails of varying difficulty. If the ESI® deteriorates, IT-Seal‘s AI-powered Awareness Engine automatically readjusts and adjusts the number and difficulty levels to individual learning needs.

Via a management dashboard, Head of IT Robert Batz can view the ESI® development in the individual departments and groups anonymously at any time. This allows him to monitor current learning progress and provides a basis for further campaign planning with IT-Seal.

Ongoing Continuation Planned

Already today, this planning points far beyond the originally agreed contract period, so that employees remain „in practice“ and new employees can also be integrated into the training. There are also plans to expand the IT-Seal offering to include Vishing Awareness Training, in which employees experience simulated attacks using their phones.

In the process, they are asked to share information or perform malicious actions. If a called party is tempted to do so, IT-Seal interrupts the simulated attack and resolves the situation. The result is that employees become more confident in dealing with Vishing attacks in their day-to-day business.

IT manager Robert Batz is sure that employees will also be enthusiastic about these trainings: „We have received overwhelming feedback on the Phishing-Simulation, our employees have recognized the growing Phishing dangers and their own responsibility as a human firewall.“

In addition to the good content, methods and tools of the IT-Seal offering, he himself appreciates the pleasant and competent interaction with the account manager. „Our contact person at IT-Seal always has an open ear for our concerns and suggestions and is always available for us.

As a result, a friendly relationship has developed over the course of our collaboration, which more than benefits the establishment of a sustainable security culture at Kirchhoff & Lehr.“

Conclusion

„The feedback from our employees on IT-Seal‘s Spear-Phishing-Simulations is overwhelming. They are systematically made aware of the growing Phishing threats and realize the great responsibility they have as a human firewall to defend against the increasing Phishing attacks.“

Robert Batz – Head of IT – Kirchhoff & Lehr GmbH

More Information

Security-Awareness-Trainings from IT-Seal:
Benefits at a glance

Click here

Spear-Phishing-Simulations train attack recognition

E-learnings, online and face-to-face seminars deepen learning content

Employee Security Index (ESI^®) makes Security Awareness measurable

Reporter Button supports identification of dubious e-mails

Management dashboard for timely monitoring of learning progress

Security Hub offers employees an individual learning platform

Campaigns always up to date with latest attacker schemes

Full-Service offer relieves internal resources

About
Kirchhoff & Lehr

Click here

Kirchhoff & Lehr GmbH

Kirchhoff & Lehr is a well-known manufacturer of cold-rolled profiles throughout Europe. The spectrum ranges from simple standard profiles to special profiles and complex systems.

With 110 employees at its Arnsdorf site, the company is part of the Tillmann Group, an association of three other independent companies. As a manufacturer in the metal processing industry, Kirchhoff & Lehr supplies customers in the automotive, electrical engineering, sanitary, door systems and drywall construction sectors.

www.tillmann-gruppe.de

Start your Customer Success Story today!

Test your Security Awareness and get to know the following modules of the IT-Seal Awareness Academy without obligation:

How does the test of our phishing simulation work?

Step 1: Sign up with your business email address.

Step 2: You will receive a confirmation e-mail confirming your registration.

Step 3: After confirming your registration, you will immediately receive your test access.

At the same time, the phishing simulation starts and you will receive a total of 4 simulated phishing emails within two weeks.

At the end, you will receive your personal evaluation: Which phishing emails did you recognize, and which ones did you fall for?