Implementing an Enterprise Phishing Program & Lessons Learned

Similar documents
Competitive Matrix - IRONSCALES vs Alternatives

Evolution of Spear Phishing. White Paper

Automatic Delivery Setup Guide

BUILDING AN EFFECTIVE PROGRAM TO PROTECT AGAINST FRAUD

PEOPLE CENTRIC SECURITY THE NEW

Building a Resilient Security Posture for Effective Breach Prevention

Microsoft Security Management

Cybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale

The Fight Against Phishing: Defining Metrics That Matter

Automatic Delivery Setup Guide

Cybersecurity The Evolving Landscape

Embedding Privacy by Design

FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM

Sectigo Security Solution

On the Radar: IronScales offers anti-phishing defense suite

Virtru Data Protection

Signature. Manager for Enterprise

RED HAT INSIGHTS. Security & Proactive Response with Insights

NERC Staff Organization Chart 2015 Budget

Unified Communications from West

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Certified Information Security Manager (CISM) Course Overview

WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY. Integrating Resiliency into Our Culture and DNA

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

Office 365 Business The Microsoft Office you know, powered by the cloud.

CloudSOC and Security.cloud for Microsoft Office 365

NERC Staff Organization Chart

Overview... 3 Provisioning Sites for Security Awareness Training... 3 Understanding Phishing Simulations... 6 Understanding Types...

The Quest for Independence - Information Security Management Pyramid. Mikhail Utin, CISSP, PhD, Daniil Utin, MS and Rubos, Inc.

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

DHS Cloud Strategy and Trade Nexus. May 2011

Top Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk

OpenText Fax Servers and Microsoft Office 365

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

One Hospital s Cybersecurity Journey

ISE Canada Executive Forum and Awards

Security and Compliance for Office 365

NORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives

INTELLIGENCE DRIVEN GRC FOR SECURITY

MaaS360 Secure Productivity Suite

itsm003 v.3.0 NISTCSF.COM Role-Based IT & NIST Cybersecurity Curriculum Solutions

Larry Clinton President & CEO (703)

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers

Cyber Security Guide for NHSmail

Cyber Insurance: What is your bank doing to manage risk? presented by

Information Security Governance and IT Governance

Machine-Powered Learning for People-Centered Security

CYBER RISK MANAGEMENT

Trustwave SEG Cloud BEC Fraud Detection Basics

Managing SaaS risks for cloud customers

Secure access to your enterprise. Enforce risk-based conditional access in real time

Information Technology Procedure IT 3.4 IT Configuration Management

CISO as Change Agent: Getting to Yes

10 FOCUS AREAS FOR BREACH PREVENTION

Deliverability 2016: It s beyond just reaching the inbox

Security & Phishing

IT Audit Process. Prof. Mike Romeu. January 30, IT Audit Process. Prof. Mike Romeu

Solutionary helps prepare for the inevitable

NERC Staff Organization Chart Budget 2018

Hello! we are here to share some stories

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

CALL FOR EXPRESSION OF INTEREST (EOI N PTD/15/101) Enterprise Content Management (ECM) Implementation. Annex II BACKGROUND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Twilio cloud communications SECURITY

Securing Office 365 with SecureCloud

Security Awareness at Unitil Corporation

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Teradata and Protegrity High-Value Protection for High-Value Data

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Data Governance: Data Usage Labeling and Enforcement in Adobe Cloud Platform

Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey

Security Awareness, Training, And Education Plan

SharePoint. Team Site End User Guide. Table of Contents

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

A Data-Centric Approach to Endpoint Security

SUBJECT: REQUEST FOR PROPOSALS FOR HARBOR DEPARTMENT CLOUD COMPUTING SERVICES

Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security. August 2017

Incident Response Agility: Leverage the Past and Present into the Future

PageUp Streamlined Its Review & Approval Process 200% Faster with Hoosh s Newly Upgraded Template Builder - CommsBuddy.

TechAdvantage March 5, Mark Peterson Supervisor of Operations Engineering. Ron Schmitz Manager of Information Services

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

IBM Resilient Incident Response Platform On Cloud

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN

Evolution of a Phish That Got Through the Net[work]

Virtual Machine Encryption Security & Compliance in the Cloud

Spotlight Report. Information Security. Presented by. Group Partner

Demonstrating Compliance in the Financial Services Industry with Veriato

On the Surface. Security Datasheet. Security Datasheet

2018 Edition. Security and Compliance for Office 365

SIEM: Five Requirements that Solve the Bigger Business Issues

Case Study: Security Implementation for a Pharmaceutical Company

Lance Spitzner.

itsm003 v.3.0 NISTCSF.COM NICE Training Curriculum & Workforce Planning Program

DMARC ADOPTION AMONG. SaaS 1000 Q Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok

Petroleum Refiner Overhauls Security Infrastructure

Quick Heal Mobile Device Management. Available on

Transcription:

Implementing an Enterprise Phishing Program & Lessons Learned

Events that drove the Project u Increase in Business Email Compromise (BEC) attempts u Increase in Wire Transfer Requests via Spoofed email u CEO Spoofed emails u Several attempts to CFO via email u CFO responded once, then realized it was a spoofed email. u Many other departments also receiving spoofed emails from CEO/CFO u Phone calls impersonating CEO asking for Wire Transfers u Lack of employees following annual training guidance and ad-hoc alert communications. Needed another layer.

Two products for PoC u Focus was on Phishing Awareness and Correcting Negative behaviors. u Solution needed to be SaaS u Ability to report Phishing Attempts required u Budget conscious u Multi-Language Support Products selected for live Proof of Concepts: u PhishMe u KnowBe4

Proof of Concept Summary u Aligned approach with critical department heads u Legal u Compliance u HR u IT u Internal Audit u Two Live tests with approximately 200 employees each with master Finance Roles in our ERP system. u Goal was to determine ease of use with tool, feature capabilities, and reporting functionality

Baseline Tests SCOPE: 180 ERP users 20 Highly Visible email addresses found publicly on the internet Test lasted 5 days. SCENARIO: Click Only email scenario. Simulated an attached PDF from an external multi-function device. Clicks on the View link counted as a Clicked Link

Baseline Results! 27% CLICK RATE!!

Time to Choose a Platform u Although platforms were very comparable, we chose PhishMe u Long and trusted history with vendor u PhishMe purposely does not use Copyright images in their scenarios u Support team was very prompt u Good multi-language support u PhishMe Reporter prompts default to system language

Program u Baseline tests were done without advanced notice u Communication campaign launched u Announced the Phishing program globally u Announced the new way to report Phishing attempts u Announced exclusive prize for first employee to correctly identify and report via PhishMe button a phishing scenario u Summary emails of how the company did at the end of each scenario. u Publically celebrate the first employees to report and announce that they won a prize.

Report Phishing Attempts u Outlook add-in button for reporting Phishing attempts u Announced and added via SCCM to all users Outlook ribbon u Also shows up via right-clicking an email in the Outlook inbox u End user action is identical regardless of real or scenario Phish u Reporter displays different messages when clicked u If real Scenario, displays Congratulations! You have correctly identified a phishing attempt, thank you for keeping us safe! u If real Phish, displays Thank you for reporting the phishing attempt. The message has been routed to the InfoSec team for appropriate action.

Progam Announcment [Custom Emails Details Removed]

Reporter Announcement [Custom Emails Details Removed]

Trends

Repeat Offenders u After first three scenarios, 275 users had a 100% click rate u This represents about 8% of our workforce apparently will click and open anything. u Future thoughts provide additional live training to repeat offenders u Determine threshold at which point you notify employees manager u Determine if we take further action for repeat offenders

Lessons Learned u We allowed external emails spoofing our domain to come in. u This has been stopped. u Lots of whitelisting u Focus on correcting negative behaviors in a positive way u Communication is required u Partner with Infrastructure, Legal, Compliance, HR u Infrastructure may be your Triage team u Lots of spam being reported as phishing. u Goal is to train users what Phishing really is, and to report Phishing and not spam

Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback