How The Mayo Clinic Utilizes Cofense’s Email Security Education, Response, & Defense Solutions

The Mayo Clinic is a $10.3 billion nonprofit American academic medical center based out of Rochester, MN. With more than 63,000 employees who use email throughout the business day. The Office of Information Security wanted to ensure all employees can recognize and report upon a phishing attempt when one crosses their inboxes. In addition, they turned to Cofense to boost their security posture with the addition of Triage and Validator to their stack.

We recently sat with Mayo Clinic’s Kimberly Wanek. As the Senior Manager of Information Security, Kimberly has utilized Cofense to build a very successful education program and we wanted to find out a bit more about her education programs and Mayo’s relationship with Cofense email security intelligence and solutions.

Click here to view the fireside chat video.


Customer:  Mayo Clinic is a $10.3B nonprofit American academic medical center with 63,000+ employees

Challenges: Executives and employees being unable to properly recognize and report phishing emails and unsatisfactory traditional SEG performance

Solutions: Cofense PhishMe, Cofense Reporter, Cofense Triage, Cofense Validator

Results: Delivering a customized phishing education program to reduce the vulnerability rates of employees and providing a multi-platform reporting mechanism. Enhancing security posture with SEG validation, supplemental third-party analysts, and email security intelligence tools.

With the increase in phishing attacks over the last few years, and the steady increase in the number of employees (10,000+ work from home), they found it difficult to manage the number of attacks being reported. As its employment base began to expand, Wanek knew the organization needed the right vendor to provide a scalable phishing solution.  

“A lot of security controls we always think of are the technical controls, but we have to think about the human factor. [For instance,] we didn't have it on mobile devices, and a bigger chunk of our employees were accessing their email primarily on mobile.”

The Mayo Clinic has been able to take advantage of Cofense Reporter and Reporter for Mobile to increase the reporting rate of phishing attempts and Cofense PhishMe for anti-phishing simulation training, bad email flagging and overall cybersecurity awareness.

To enhance their solution suite, the Mayo Clinic added Cofense Triage to “scale all of the training and education that had been put in place, scale our responsiveness to it, so that we could deal with getting back to people as quick as possible and reinforcing that they were doing the right thing.” This enabled them to better analyze incoming threats using Cofense Intelligence, while also reporting back to the threat reporters – effectively ‘closing the loop’ so employees know which action was taken.

Lastly, the Mayo Clinic utilizes the Cofense Phishing Defense Center and Cofense Validator to catch, prioritize and respond to threats that perimeter technology misses.

“[Validator] was giving us insight into how strong our SEGs were, our gateways, how effective they were. So not only could we see how our gateways were performing, but it would give us opportunities, some intelligence on how to strengthen them. [The PDC] allowed our SOC to focus on the next tier of risk. So PDC not only tells us these are malicious, but they give us another category that says these are scams.” 

Many Cofense clients utilize the PDC to supplement their own security teams. The PDC will identify and prioritize threats, provide actionable intelligence, and keep abreast of changing tactics, so security team members can focus on stopping the most prevalent and dangerous attacks.

We encourage you to watch the entire chat to hear additional thoughts from Kimberly Wanek on the need for a multi-layered approach to anti-phishing education and cybersecurity and how Mayo Clinic’s partnership with Cofense has significantly enhanced their security posture.

How the Nuclear Decommissioning Authority Leverages Cofense Email Security Solutions

How the Nuclear Decommissioning Authority Leverages Cofense Email Security Solutions

The Nuclear Decommissioning Authority is a non-departmental public body made up of 26,000 members across the Department for Business, Energy, and Industrial Strategy. With limited resources to dedicate to anti-phishing education and awareness, as well as limited time for quick-response threat identification and removal, NDA worked closely with Cofense to build a proper tech stack to enhance their email cybersecurity posture.  

We asked Neil Kendall, CTI/CYAS Manager at the NDA, during a recent fireside chat to discuss the relationship and how Cofense solutions not only play a critical role in thwarting potential attacks at NDA, but also provide a continuum of educational resources for identification and reporting of phishing emails.

Click here to view the fireside chat video. 


Customer: Nuclear Decommissioning Authority, a non-departmental public body made up of 26,000 members across the Department for Business, Energy and Industrial Strategy. 

Challenges: Executives fear that their teams are being targeted for hours when using traditional SEGs, AND there is a lack of communication regarding phishing.  

Solutions: Cofense PhishMe, Cofense Triage, Cofense Vision 

Results: Educating employees with real phishing simulations as well as spreading awareness by stopping attacks using crowdsourced intelligence. 

On education and awareness, NDA wanted to prevent attacks from entering the office, but realized education had to be about all devices and environments, and that crowdsourced reporting was just as important as initial identification.  Kendall explains the need to “really spread the word to report, even if the person is on the fence and they’re not sure is this malicious, is it non-malicious? Report it. Being able to look at that, identify it as being malicious and then spreading the word around the rest of our group, is vitally, vitally important.”  

He further expands on education and the use of Cofense PhishMe, stating “We can use things like the PhishMe scenarios to be able to test our defenses, test our staff, and we can look to where our soft spots are so we can harden them, and we can then look to bolster them.” 

For the security team, it was time to move beyond dependence on their Secure Email Gateway and add Cofense solutions Triage and Vision to find, prioritize and eliminate what SEGs do not. Kendall explains, “It’s that second line again, it’s that defense in depth, it’s the layered approach that we are not just relying on one technology and what their map of the world is.” Cofense Triage helps the NDA team prioritize the threats so remediation can happen faster, and more time can be returned to security team members to focus on more important issues.  

Going one step further, they paired Triage with Cofense Vision to auto-quarantine phishing threats lurking in their email environment. They can also configure auto-quarantine to look for any new phishing campaigns automatically and continuously and to proactively stop attacks in their tracks. 

“We get that straight into Vision because we know there's that lag between Microsoft Safe Links doing its thing and will we know Vision will do its thing pretty much straight away. For us it's really, really important.” 

We encourage you to watch the entire chat to hear additional thoughts from Neil Kendall on the need for a multi-layered approach to email security and how NDA’s partnership with Cofense has significantly enhanced their security posture.