We implemented a "report phishing" button eight months ago, hoping to get proactive on threats. However, our Security Operations Center (SOC) analyst, who is the only one handling this, now spends over 15 hours a week sorting through employee reports. Out of all the reports, half are junk or newsletters, a quarter are genuine phishing attempts that need investigation, and the rest are from employees simply reporting emails they signed up for, like DocuSign notifications. The volume has become overwhelming, leaving us unable to provide responses, which frustrates users and damages our security team's reputation. I'm looking for solutions to automate this process without entirely shutting down our reporting system.
5 Answers
Look into setting up confidence scoring for reports. This way, high-confidence benign reports get auto-responses and close, while only medium-confidence reports make it through to your analyst. This could help lower the volume significantly.
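A minimal sketch of the confidence scoring this answer describes, added here as an illustration and not part of the original answer or any vendor's product. The gateway name `mx.example.com`, the known-service list, the weights and the thresholds are all assumptions to tune for your own mail flow.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values, not from the thread: replace with your own.
TRUSTED_AUTHSERV = "mx.example.com"   # authserv-id your mail gateway stamps
KNOWN_SERVICES = {"docusign.net"}     # services staff legitimately receive mail from
AUTO_CLOSE, PRIORITY = 80, 30         # benign-confidence thresholds (0-100)

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def dmarc_pass(msg):
    # Only trust Authentication-Results added by our own gateway; a header
    # carrying any other authserv-id may have been forged by the sender.
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            return re.search(r"\bdmarc=pass\b", results) is not None
    return False

def triage(raw):
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    authed = dmarc_pass(msg)
    score = 50 + (20 if authed else -30)
    if authed and sender in KNOWN_SERVICES:
        score += 30                   # authenticated mail from a known service
    if authed and msg["List-Unsubscribe"]:
        score += 10                   # bulk/newsletter marker
    if reply_to and reply_to != sender:
        score -= 30                   # replies diverted to another domain
    score = max(0, min(100, score))
    if score >= AUTO_CLOSE:
        return score, "auto_close"    # send canned reply, close ticket
    if score <= PRIORITY:
        return score, "analyst_priority"
    return score, "analyst_queue"

# Constructed sample reports (not real messages).
SAMPLES = {
    "docusign": "From: DocuSign <dse@docusign.net>\nAuthentication-Results: "
                "mx.example.com; dmarc=pass header.from=docusign.net\n\nbody",
    "spoof": "From: DocuSign <dse@docusign.net>\nReply-To: a@mail.invalid\n"
             "Authentication-Results: other.invalid; dmarc=pass\n\nbody",
    "unknown": "From: Bob <bob@vendor.example>\nAuthentication-Results: "
               "mx.example.com; dmarc=pass\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The known-service bonus applies only when DMARC passed at your own gateway, so a message that merely displays a familiar sender name lands in the priority bucket instead of being auto-closed.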
Consider integrating automated verdict systems into your workflow. Utilizing machine learning can help automatically close out benign reports like DocuSign and newsletters based on user feedback, and it can also prioritize true threats for human review, saving your analyst a ton of time—up to 80%!
Using solutions like Abnormal has worked wonders for us. They automatically discern benign reports from actual threats, drastically reducing the time spent on manual reviews.
What kind of response are users really expecting? An automated "thank you for reporting the message" might actually suffice, you know?
Don't underestimate the impact of user training. If employees are conditioned to report everything as phishing without understanding the context, it contributes to the overload. It might help to refine your reporting process to allow for categorization, like marking something as junk rather than phishing. That could help lessen the unnecessary reports.

Yeah, but they definitely want more than just a simple acknowledgment. If they feel like they're not being heard, it can lead to more frustration.