Case Study: Reducing AI-Enabled Phishing Risk

By admin On


Executive Summary

A professional services client of Secure Strategic Technologies experienced an increase in highly convincing phishing and social engineering attempts, enhanced by generative AI. Although no breach was successful, several incidents exposed a rising risk of credential theft and financial fraud. During Secure Strategic Technologies’ managed services onboarding, we implemented Security Awareness Training and completed many of the Center for Internet Security (CIS) recommended Microsoft 365 benchmarks for tenant hardening. These onboarding measures immediately lowered phishing risk, while longer-term CIS Implementation Group 1 (IG1) safeguards were planned and delivered through a series of structured meetings.

Customer Overview

Customer Name: Confidential Professional Services Firm
Industry: Professional Services
Location: United States
Size: 25 – 75 Employees

Challenge

The organization depended heavily on Microsoft 365 for email, collaboration, and document management. Like many small and mid-sized businesses, it had built out its Microsoft 365 tenant gradually, with limited security standardization. The rise of AI-enabled phishing exposed several weaknesses: highly convincing phishing emails that referenced real vendors and internal workflows; attempts to impersonate executives and finance staff; limited user exposure to modern phishing techniques; inconsistent reporting of suspicious messages; and security features included in Microsoft 365 Business Premium that had never been fully configured. Leadership wanted immediate risk reduction without delaying progress on broader security maturity goals.

CIS Guided Onboarding Approach

Secure Strategic Technologies bases its cybersecurity practices on the CIS Cybersecurity Framework. Full CIS IG1 implementation is carried out gradually through recurring meetings, rather than all at once, to ensure proper deployment of security controls. During onboarding, SST prioritized high-impact, phishing-related safeguards that could be quickly deployed. These included implementing Security Awareness Training aligned with CIS user education safeguards, hardening the Microsoft 365 tenant according to CIS configuration benchmarks, and enhancing identity and email security to lower phishing success rates. This strategy enabled the client to reduce immediate risk while creating a clear plan for full CIS IG1 adoption.

Key Controls Implemented During Onboarding

The controls implemented during onboarding were: Huntress Security Awareness Training deployment, CIS-aligned Microsoft 365 tenant hardening, enforcement of multi-factor authentication, anti-impersonation and domain spoofing protections, configuration of Safe Links and Safe Attachments, and user reporting workflows for suspicious messages.

Solution

Secure Strategic Technologies integrated onboarding enhancements with a structured plan for continuous CIS IG1 implementation.

Security Awareness Training Deployment

Huntress Security Awareness Training was deployed early to address the human element of AI-enabled phishing. Training was built around continuous phishing simulations that reflected real-world attacker behavior rather than generic examples. Users received immediate feedback on each simulation, short training modules, guidance on recognizing urgency, pressure from authority figures, and abnormal requests, and clear expectations for reporting suspicious activity.

Microsoft 365 Tenant Hardening

SST applied CIS-recommended hardening to the Microsoft 365 tenant during onboarding. This corrected common misconfigurations seen in small and mid-sized environments. Improvements included strengthening identity and authentication settings, enabling advanced phishing and impersonation protections, reducing overly permissive access configurations, and improving visibility through logging and alerts. These changes lowered phishing risk at the tenant level, before a message ever reached a user's judgment.
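As an added example that is not part of this case study or SST's own tooling, the following PowerShell audit reads the Exchange Online policies behind the controls named above (anti-impersonation and spoofing protection, Safe Links, Safe Attachments, plus DKIM signing) and reports any setting that deviates from a hardened baseline. The baseline values and threshold are the author's assumptions for illustration and should be checked against the CIS Microsoft 365 Benchmark version in use.

```powershell
# Added audit example, not Secure Strategic Technologies' code. Requires the
# ExchangeOnlineManagement module and an account with a read-only Exchange admin role.
# Baseline values below are assumptions; align them with your CIS M365 Benchmark.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$script:Findings = [System.Collections.Generic.List[string]]::new()
function Add-Finding([string]$Policy, [string]$Setting, $Actual, $Expected) {
    $script:Findings.Add("[$Policy] $Setting = '$Actual' (expected '$Expected')")
}
# Compares each expected key against the live policy object and records mismatches.
function Test-Policy($Policy, [hashtable]$Expected) {
    foreach ($setting in $Expected.Keys) {
        $actual = $Policy.$setting
        if ("$actual" -ne "$($Expected[$setting])") { Add-Finding $Policy.Name $setting $actual $Expected[$setting] }
    }
}

# Anti-phishing: impersonation protection for users and domains, mailbox and spoof intelligence.
foreach ($p in Get-AntiPhishPolicy) {
    Test-Policy $p @{
        Enabled = $true; EnableTargetedUserProtection = $true; EnableTargetedDomainsProtection = $true
        EnableOrganizationDomainsProtection = $true; EnableMailboxIntelligence = $true
        EnableMailboxIntelligenceProtection = $true; EnableSpoofIntelligence = $true
        EnableFirstContactSafetyTips = $true; EnableUnauthenticatedSender = $true
    }
    # Assumed minimum aggressiveness level (1 = standard, 4 = most aggressive).
    if ($p.PhishThresholdLevel -lt 2) { Add-Finding $p.Name 'PhishThresholdLevel' $p.PhishThresholdLevel '>= 2' }
}
# Safe Links: rewrite and scan URLs in mail, Teams and Office; keep click tracking; no click-through.
foreach ($p in Get-SafeLinksPolicy) {
    Test-Policy $p @{
        EnableSafeLinksForEmail = $true; EnableSafeLinksForTeams = $true; EnableSafeLinksForOffice = $true
        ScanUrls = $true; DeliverMessageAfterScan = $true; EnableForInternalSenders = $true
        TrackClicks = $true; AllowClickThrough = $false; DisableUrlRewrite = $false
    }
}
# Safe Attachments: detonate attachments and block (or dynamically deliver) rather than allow.
foreach ($p in Get-SafeAttachmentPolicy) {
    Test-Policy $p @{ Enable = $true }
    if ($p.Action -notin 'Block', 'DynamicDelivery') { Add-Finding $p.Name 'Action' $p.Action 'Block or DynamicDelivery' }
}
# DKIM signing on every accepted domain, so recipients can verify the firm's own outbound mail.
foreach ($d in Get-DkimSigningConfig) {
    if (-not $d.Enabled) { Add-Finding $d.Domain 'DKIM Enabled' $d.Enabled $true }
}

if ($script:Findings.Count -eq 0) { 'No deviations from baseline.' } else { $script:Findings }
Disconnect-ExchangeOnline -Confirm:$false
```

Re-run the audit after each implementation meeting so that policy drift (a relaxed Safe Attachments action, a newly added domain without DKIM) is caught rather than discovered during an incident.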

Ongoing CIS IG1 Implementation

Following onboarding, SST scheduled recurring implementation meetings to maintain progress toward CIS IG1 alignment. Each session focused on a manageable set of safeguards, ensuring steady improvement without operational disruption.

Results

After onboarding and the initial CIS-aligned improvements, phishing messages were more often blocked or flagged, user reports of suspicious emails increased, interactions with simulated phishing attempts decreased, credential compromise risk was reduced through MFA and tenant hardening, and leadership gained clarity through a structured CIS implementation roadmap. The organization achieved immediate risk reduction while progressing toward long-term security maturity.

How Secure Strategic Technologies Supports Similar Clients

Secure Strategic Technologies relies on the CIS Framework as the foundation of its managed services. Immediate protections like Security Awareness Training and Microsoft 365 tenant hardening are put in place during onboarding to mitigate common risks. CIS Implementation Group 1 safeguards are then provided gradually through structured implementation meetings, enabling clients to enhance security without overburdening internal teams.
