Case Study 

Phishing attacks – How to reduce your exposure!

The University of Leeds uses Jisc’s simulated phishing and associated training framework to help reduce its risk to cyber attacks relating to phishing emails.

The Challenge

As with all organisations, especially within Higher Education, the University of Leeds was continually dealing with the challenges phishing attacks bring to its staff and students. In order to implement the right solutions and improvements that will help protect and prevent these types of attacks, the University needed to understand its overall risk and exposure.

A vital step to achieving this was to review how many phishing emails could make it through the University’s defences to its users and their devices, as well as assessing users’ abilities to identify and deal with common phishing techniques used to deliver malware such as ransomware, or capture confidential information.

The Solution

Dave Neild, Cyber Security Architect at the University, approached KHIPU Networks via Jisc’s framework for simulated phishing and associated training services. This allowed the University to perform a phishing exercise to help identify potential weaknesses in the organisation’s workforce; those who may open, click and download malicious emails and attachments.

KHIPU conducted the phishing simulation against 12,354 users where an email was sent with a word attachment offering a lottery of rewards, including a £500 gift voucher. A prevention report was then generated detailing all findings and recommendations for an improved cyber security posture. All findings were presented to Neild by KHIPU’s Cyber Security team.


Identification of user behaviour and infrastructure defences: The service provided granular details on the behaviour of users surrounding the phishing simulated attack. This means the University can assess how many users interact with phishing emails i.e. clicks, interaction speeds and downloads to gain a full picture of how such an email got through its current defences.

Identification of cyber security awareness: The University now knows which users represent vulnerabilities in its defences. This identification is key to creating justifiable plans for cyber security education and/or additional resources needed to combat attacks made possible by uneducated workforces.

The Result

From conducting this phishing exercise, the University gained a full picture of staff who could pose a risk during such attacks, enabling Neild’s team to focus cyber security awareness training where it’s needed most.

At the same time, the findings and recommendations will help the University improve its cyber security posture to help identify and prevent these types of cyber attacks.

The University will be running a number of simulated phishing exercises along with training services to help continually raise awareness of these attacks.

  • Dave Neild, Cyber Security Architect, University of Leeds

    “The strongest and weakest layer of defence against phishing attacks are your users. It’s vital to understand your organisations risk to these cyber-attacks and be able to provide the necessary awareness training and tools to limit your exposure. Using the Jisc framework for simulated phishing and awareness training, provided by KHIPU Networks, we have been able to test our security posture and identify key areas to help protect the University from future attacks.”

Register Your Interest

If you are interested in our cyber security risk assessments as part of the Jisc frameworks (including current PROMOTIONS), please complete the form and our team will send you a cost proposal. The current promotion is based upon a purchase order/invoice before 2nd December 2019.

UK: +44(0)345 272 0900
SA: +27 (041) 393 7608

I agree to receive communication on newsletters, promotional content, offers and events. Your information is confidential, KHIPU never sells or shares contact information.

*required field

UK Public Sector Purchasing Frameworks

The below Jisc frameworks are available via a direct award to KHIPU:

Vulnerability Assessment and Information Service – read more

Simulated Phishing and Associated Awareness – read more

Zero Vulnerability Infrastructure

Read more about our cyber risk assessment services that address key areas of your environment for maximum protection and prevention against cyber attacks. Free phishing simulations and vulnerability scans available – request a quote NOW!

Cyber Security Documentary

Watch the  Jisc cyber security documentary with National Cyber Security Centre (NCSC)Redacted Firm – Understand your potential weaknesses to cyber attacks!