Andreas Gross reached groggily for the ringing phone by his bed, noting that it was a little past midnight. He was not surprised when he found himself talking to one of the executives at his company. The executive had received a suspicious email, and was now worried that by opening the email he may have done something wrong.

It wasn’t the first such call, and Gross doubted it would be the last. Tricentis, where Gross serves as VP of IT, had been suffering a rash of sophisticated, highly targeted spear-phishing attacks, most of them aimed at C-level executives. While none of these attacks had so far been successful, Gross knew it was only a matter of time.

As a leading global provider of continuous-testing tools for enterprise Agile and DevOps teams, Tricentis boasts a list of customers that include some of the world’s largest, most tech-integrated enterprise-scale organisations. The potential costs of a successful attack—which could expose critical, highly confidential customer data to criminal hackers—was incalculable. Gross knew that something had to be done to harden Tricentis’ email security