Smart cyber defense: Elisa helped Coop streamline incident handling

Managing a wide range of reported phishing incidents each month, Coop Switzerland adopted Hoxhunt for cybersecurity training and reporting and partnered with Elisa to triage and analyze reported emails in support of their internal IT security team. Thanks to a combination of artificial intelligence, automation, and human expertise, only a small portion of the reported messages now requires Coop’s attention.

Coop is a diverse retail and wholesale company based in Switzerland. Their operations span everything from supermarkets to home improvement stores and restaurants. In such a wide-ranging organization, robust cybersecurity and vigilance against email threats are essential to keeping everyday operations running smoothly.

“We have seen a rapid rise in the importance of cybersecurity due to increasing incidents such as phishing and system vulnerabilities,” says Noah Denger, IT Security Officer at Coop.

Echoing this, Markus Saaristo, Business Development Director of Cyber Security Services at Elisa, adds: “Phishing emails are still one of the key methods for executing cyberattacks.”

Challenge: Coop needed better simulations and smarter triage

Coop was already using a service to raise end-user awareness about phishing. However, the quality of the phishing simulations no longer met their expectations. While searching for a new solution, they discovered Hoxhunt, which stood out with its high-quality simulations and engaging training experience. However, Hoxhunt didn’t offer triage or analysis of the reported email messages. That’s where Elisa came in, providing the missing piece with a dedicated service for handling reported threats.

“We wanted to implement automated phishing simulations that are regularly sent to users based on their experience,” Noah Denger explains.

“In our team, we needed a solution that could triage a wide range of reported emails efficiently. Manually processing a large amount of reports each month simply wasn’t sustainable.”

Solution: automated incident handling, backed by human expertise

To improve their resilience against phishing attacks, Coop adopted Hoxhunt’s training platform. The platform provides personalized, gamified micro-training and the ability to report suspicious messages at the click of a button.

Given the high volume of reported emails, Coop also needed a sparring partner to help manage the workload. Specifically, Coop was looking for a Hybrid SOC-type solution to support their internal security team by triaging and analyzing reported email messages and alerting them only when further action was needed. As Hoxhunt’s preferred partner, Elisa was chosen to deliver this support through its modular cybersecurity service offering and implementing a joint handling model.

“We do the heavy lifting at the Elisa Cyber Security Center. We handle the initial triage of reported messages using a combination of AI, automation, and human analysis. This allows us to filter out the noise,” explains Heini Hietamies, Cyber Security Service Delivery Manager at Elisa.

Elisa’s 24/7 service efficiently manages and analyzes large volumes of reported suspicious emails and other cyber security events. The solution leverages AI and automation to handle the majority of cases, while security experts manually review those that show signs of genuine threats. This ensures efficiency and quality in cyber security incident handling.

Elisa’s email triage and analysis service was further developed in close collaboration with Coop to meet their specific needs. Key areas such as reporting structure and end-user communication were tailored based on Coop’s requirements. In addition, the user notifications and responses were fully localized into German, French, and Italian to ensure users receive clear, actionable feedback in their own language.

Dedicated experts deliver continuity and strategic insight

Elisa’s solution goes beyond technology. It’s a comprehensive service backed by a dedicated team of experts who ensure continuity and a deep understanding of the client’s environment and needs.

“What I really appreciate with Elisa is that they really listen to our needs. We had several things that we wanted changed in the way they provide the incident reports. And we were always taken seriously,” says Denger.

They made the process of shifting from the old solution to the new solution, really, really easy for us.

As an integral part of the service, Elisa’s team regularly shares insights, trends, and tailored recommendations with Coop.

“To provide the client with up-to-date threat intelligence and situational awareness, our senior analysts present summaries of recent cybersecurity news and trends at our monthly meetings,” explains Hietamies.

“These insights come not only from public sources, but also from patterns and observations across Elisa’s broader client base.”

As Finland’s leading cybersecurity provider, Elisa draws on deep, real-world experience of safeguarding clients critical to the functioning of society. This expertise translates into uniquely comprehensive, relevant, and actionable threat intelligence for Coop.

Significant reduction in Coop’s manual workload

Since the start of the cooperation with Elisa, Coop has been able to significantly reduce the workload on its internal IT security team, with only 10–15 percent of reported incidents now requiring their direct attention.

“Working with Hoxhunt and Elisa has led to significant time savings,” says Coop’s Noah Denger.

“Overall, the service with Elisa is running very smoothly. The majority of the feedback we’ve received from our end-users has been positive, especially regarding the communication and reports they receive. At this point, there’s nothing I’d want to change.”

Article in Finnish: Coop vahvisti kyberresilienssiä älykkään automaation ja Elisan asiantuntemuksen avulla

Cyber Security Outlook 2025: Navigating the Evolving Threat Landscape

Avainsanat

Kyberturva Kyberturvallisuus Kyberturvapalvelut