How a leading UK charity conquered cyberfraud and secured its reputation

“When you are a charity, your funds are limited in a way that they are not in other organizations. Every penny that I spend is a penny less that we have to help people affected by cancer.” — Tim O’Neill, Head of Information Security and Technical Operations, Macmillan Cancer Support.

Macmillan Cancer Support’s mission is to “help everyone with cancer live life as fully as they can, by providing physical, financial and emotional support.” But like any charity, the organization is constrained by financial realities. So when Tim O’Neill, the organization’s Head of Information Security and Technical Operations, realized he had to replace his inadequate Mimecast email security, he knew he would have to choose carefully.

BEC attacks out of hand

Macmillan already had several Cybersecurity products in production when Tim joined the organisation, but he soon found that his team was overwhelmed with business email compromise and other phishing attacks, some of them resulting in fraud losses totaling about £45,800. With lots of malicious emails and spam getting through the company’s email security, attackers breached email accounts at a trusted supplier and observed communications between the organizations for an extended period. “So by the time they started taking over that conversation, they were linguistically very similar to the original conversation,” Tim explains. “Mimecast wasn’t picking up on these, and we had a couple of occasions where there was financial fraud because of this.”

Choosing the correct Cyber Security Product

Tim and his team have a lot of sensitive data to protect, Macmillan has 1,500 employees across the UK, but that’s just the beginning. 

“When you are part of Macmillan, you could be an employee, a donor, a volunteer, a professional, somebody who is using our service desk, somebody who is affected by cancer, or you could be a fundraiser. Every conversation that you have with Macmillan is utterly confidential, and you know that you can trust us to keep that confidence.”

Tim and his team evaluated a number of email security solutions and chose Barracuda Email Protection via a Partner, based on price, performance, support, and usability. This security platform integrates a wide variety of capabilities, including automated incident response, easy DMARC configuration and reporting and email security that uses AI to detect anomalous and malicious emails that traditional security can’t.

Big benefits

Since implementing Barracuda Email Protection via a Partner, Macmillan’s fraud losses have stayed at zero. “Within about a month of putting it in, we found examples where it had stopped compromised emails from getting through, which Mimecast allowed through, and protected against people impersonating our directors. The speed of deleting a malicious email from everybody else’s inbox was very impressive as well. Those features were incredibly strong.”