Chelsea Football Club (FC) is a professional football club in the English Premier League based in London. Founded over 100 years ago, the club competes in the Premier League – the top division of English football – and is one of the most recognizable and successful clubs globally. The club’s backend operates like any other company, with a core staff of around 800 individuals spread across departments including Operations, Marketing, HR, and IT
As a high-profile sports team with millions of worldwide fans and publicly recognizable players and staff, Chelsea Football Club is constantly in the spotlight. And data leaks to the press often target sports clubs, like the Football Leaks case which saw confidential financial transactions between European professional footballers and clubs published between 2015 and 2019. Chelsea FC knew that keeping their data safe was a top priority; research by the UK’s National Cyber Security Centre (NCSC) in 2020 found that at least 70 percent of sports institutions in the UK suffer a cyber incident every 12 months, which is more than double the average for businesses.
As the main internal communication tool for most organizations, email is particularly susceptible to being compromised by hackers. In 2020, a Premier League football club narrowly avoided losing £1 million when their email account was targeted by hackers during a transfer window, mirroring a successful phishing scam against Italian club Lazio in 2018, which lost them €2 million. With the escalation in email-based attacks, the Chelsea FC security team recognized that email was a key risk vector when it came to securing data.
Beyond their existing email management and monitoring system, the team had no dedicated anti-phishing solutions implemented and no system for user training and phishing awareness. Chelsea FC had found that the built-in email filtering solution provided by Microsoft Office 365 was cumbersome to use, with no ability to be used while on the go for email mitigation. Chelsea FC’s internal team cover information security responsibilities like policy creation, performing security procedures, and network monitoring, but as a small and agile team, they required further external solutions to be able to boost their email security capabilities.
The Chelsea FC security team was looking for something easy to manage for their busy team. As email security responsibilities at the time of implementation were spread between the IT infrastructure team and senior engineers, the organization was looking for a solution that would save time, ideally using automation to remove the burden of identification and mitigation from the staff. The team also recognized the importance of user education in their anti-phishing strategy and were therefore looking for a platform that could address their training needs and educate users across the business.
After being recommended the IRONSCALES solution by their security partner, the team quickly found that its self-learning, AI-driven phishing protection and simple usability was the best tool for supporting both their email security needs and their busy internal team. After conducting a short Proof of Concept within the IT department, Chelsea FC’s security team found the implementation process very easy, with IRONSCALES integrating directly into the Office 365 inboxes of their 800 users. From there, the solution started inspecting emails for phishing automatically. The internal security team also found IRONSCALES’ ongoing support particularly beneficial throughout the implementation process and beyond.
IRONSCALES’ powerful combination of machine and human intelligence has helped Chelsea FC resolve over 2000 incidents since starting to actively use the solution in 2019. Of these incidents, 572 were phishing, 693 were spam, and 313 were deemed safe. One of the key benefits for the Chelsea FC security team has been the ease of use and management; the solution began using AI to detect and remove threats from inboxes immediately after implementation. The handy IRONSCALES phishing button has made reporting intuitive for the busy team at Chelsea FC, and even when employees don’t report directly through the IRONSCALES button they’re often raising it through the service desk, showing a marked improvement in general awareness.
The Chelsea FC team is also benefitting from IRONSCALES’ mobile app, which allows them to immediately triage notifications from users directly from their phone, whether they’re at work, at home, or on the go. When working from home was mandated in 2020 due to the COVID-19 pandemic lockdown, the team saw increased attempts to spoof Directors and PAs targeting home workers. However, using the IRONSCALES mobile app has made it easier for members of the internal security team to keep mailboxes clear of malicious emails at any time of day and from any location, throughout the remote working transition.
The Chelsea FC security team has also been able to run various phishing simulation campaigns, with both email security and awareness training integrated into IRONSCALES’ single offering. Launching simulations one department at a time, the Chelsea team has been able to establish the phishing knowledge of each area of the business. After starting with basic campaigns, the internal team is now working on making each simulation more difficult than the last. By running simulations continuously and building on their employees’ knowledge tactically, Chelsea FC has seen a ‘definite improvement’ in general phishing awareness and a noticeable uptake in reporting.
By using the IRONSCALES solution, Chelsea FC joins a global threat intelligence-sharing community, with every IRONSCALES customer helping to warn the wider community about newly discovered threats anonymously. Being a part of the community means that Chelsea FC is not only able to anticipate threats from around the globe before they hit, but is also helping other organizations do the same, contributing to the wider defense against email-based attacks.
Analyst hours saved
Chelsea FC is continuing to run detailed phishing simulations, intending to test based on the vulnerabilities they identify within each department of their business. By running these simulations strategically and beginning to personalize them based on department, the internal team can more accurately quantify their cybersecurity posture and minimize clicks on malicious links across the entire organization.
Every day criminals launch billions of new phishing attacks. No company is immune. Legacy solutions can’t keep up & cloud providers struggle to stop advanced attacks with native controls. IRONSCALES’ powerfully simple email security solution helps you fight back fast and keeps your company safe in today’s cloud-first world. Incubated inside the world’s top venture program for cybersecurity and founded by alumni of the Israeli Defense Forces’ elite Intelligence Technology unit, we offer security professionals an AI-driven, self-learning email security platform that provides a comprehensive solution to proactively fight phishing attacks.
To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today.