How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that...

15
SESSION ID: SESSION ID: #RSAC Emily Heath How To Improve Phishing Awareness by 300% in 18 Months HUM-T11 Global CISO AECOM @CISOEmilyHeath

Transcript of How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that...

Page 1: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

SESSIONID:SESSIONID:

#RSAC

EmilyHeath

HowToImprovePhishingAwarenessby300%in18Months

HUM-T11

GlobalCISOAECOM@CISOEmilyHeath

Page 2: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

OneWorldTradeCenter,NYC

EtihadTowers,AbuDhabi

InternationalTerminal,LAX

MillenniumPark,Chicago

2016RioOlympics

NYSubway

BarclaysCenter,NYCTaizhouBridgeYangtzeRiver,China

PortWashingtonGeneratingStation FillmoreWaterRecyclingPlant

HalleyVIResearchStation,Antarctica

WoodrowWilsonBridge,DC

FerrariWorld,AbuDhabi

HurricaneKatrinaRecovery&Reconstruction

Projects

AbuDhabiInternationalAirport

SentinelDataCenters

Settingthestage

AECOMScopeFortune500(#156)$20BillionRevenue100,000Employees150CountriesGlobally

Page 3: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

Introduction

3

Evidenceshowsthatastaggeringamountofincidentsbeginwithphishingemails

Wedecidedtofocusoureducationpredominantlyonphishing

Usingmultiplechannelsandmethodsofawareness

Wereducedour“clickrate”over300%in18months

TodayIwillsharesomeofthewayswefoundthatworkedforus

Page 4: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

TheBaseline

SimulatedPhishsenttoallemployeesglobally

30%ClickRate!

Page 5: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

After18Months…

SimulatedPhishsenttoallemployeesglobally

6.7%ClickRate!

Page 6: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

WhoWePartneredWith

6

Executives

CorporateCommunications

Marketing

GraphicsandDesign

HumanResources

YourITColleagues

Facilities/OfficeManagement

OtherPeopleofInfluence

Page 7: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

OurEducationProgram

7

• Importanttonotethatourphishingawarenesscampaignwasaugmentedwithotherawarenessactivities

• Don’tjustphishandexpectchanges• Usethedatatobestofyourability• Findwaystokeeptheconversationgoingregularlyandengagewithworkforceinmultipleways

• Lookforpositivereinforcement– i.e.whenpeoplereportphishingemails,etc

Page 8: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

Monthly

8

• Simulatedphishingexercisetoallemployees• Eventhoughwesendto150countries,wesendinEnglish,RussianandFrench• Workwithcorporatecommunicationsonpoliciesforyourorg• Whenemployeesclickthesimulatedphish– immediatelytakesthemtoeducationalsite

• CISOcommunicationwith“Clickers”• Everyonewhoclickedgoesintoanemailgroup• Emailexplainswhyphishingawarenessisimportant,andasksthemtotakephishingtraining• BCCthem..Nonamingandshaming• CISOmailboxaccountthatcanbemanagedbyyourteamifneeded

• “Clickers”takephishingtraining

• Chatter‘theme’eachmonthwithweeklyCISOposts

• Articleinenterprisenewslettertoaugmentthetheme

• Managernotes&securitymomentstoaugmentthetheme

Page 9: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

Quarterly

9

• QuarterlyphishingresultsdistributedtoExecutivesinregions• ExecutiveshadbeenbriefedbyCISObeforereceivingthese– importanttosetcontextandaskforhelp

• Distributionincludes“Top10”officelocationsbyregiontomakeitmoremeaningfullocally

• Phishingresultsatregion/countrylevelsharedonChatter

• Localcampaignsbasedonphishingresults– trainthetrainer• LocalITstaffusedtohelpwithlocalcampaigns– cyberbriefings,postcards,localawarenessetc

• SecurityQBRwithITleaders• Notphishingrelated– butimportanttokeepITengaged

• IncludekeypartnerslikeERM,InternalAudit,etc

• Securityawarenesspostertoallofficesplacedincommonareas

Page 10: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

Annually

10

• Securityawarenesstrainingannualprogram• Allemployees,tryandmakeitmandatory

• WorkwithHR,communicationsandtrainingteamstohelpyouwiththedelivery

• TrainingforallITstaff• TakeresponsibilitytotraintheITteam..Noteveryoneisasecurityexpert,helpthemunderstandwhyitmatters,sharerealincidents,askfortheirhelp

• Yearlylookbackonphishingcampaign• Annualresultssharedwithregionalexecutivesandsummariespostedonchatteraswellasfeaturedincorporatenewslettersetc

Page 11: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

AdHoc

11

• CISOinpersonCyberBriefings• Tryandmeetfacetofacewithemployeeswhereverpossible

• Executivebriefings• Youneedexecutivesupport– helpthemunderstandwhythisisabusinessdriver

• Tailoredtrainings/briefings

• Swag!

• Featuredspeakerinotherpeoplesstaffmeetings• Offeryourselfandyourteamtopresentatstaffmeetings,etc.

• Onboardingmaterials– setthetoneforyourorganization

• Securitymoments– beforeeverymeeting

• OutlookPhishingReporterButton– thebestthingweeverdid!!

Page 12: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

Observations&GeographicalDifferences

12

• Atfirstwereceivedmixedresponsesfromemployees• SomeQuotes….

• Soonbecamethenormal,andbecamecompetitive• SomeExamples….

• Whatwefoundinregions• SomeExamples…

• Veryimportanttoconsiderculturaldifferences• Localmaterialsinlocallanguagesreallyhelp• Makesureit’snottooUScentric- AsiaisdifferenttoAustralia,differenttoUK,MiddleEast,India,etc..• Leveragelocalexpertisetolearnhowpeoplebestrespond• Examples

• Makeitsafeforpeopletoruntowardyou,notawayfromyou

• Thereisnoshameinclickingaphish..Theshameisinnottellinganyoneaboutit!

Page 13: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

Summary

13

• Talkaboutsecuritytoanyonewhowilllisten– neededforculturalchange

• Findyourpartners,youcannotdoitalone

• Knowyouravailablechannels

• Takeownershipoftrainingandeducatingeveryone

• Noteveryoneisacyberexpert– maketrainingrelevanttothem

• Usetheclickdatatothebestofyourability- peoplelovestatisticsandcompetition!

• Havefunwithit!

Page 14: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

ThingsYouCanDotoApplyIt

14

3Months• EstablishregularITbriefings

• Establishwhichchannelsareopentoyoutocommunicatewithyouremployees

• Beginengagingwiththeemployeepopulation–chatter,articles,posters,etc.

NextWeek• Understandyourstatistics

• TalkTalk Talk aboutsecurity

• Makeiteasyforpeopletocontactyourteamwithquestions

• Makeiteasyforpeopletoreportphishing

6Months• Lookatwaystodo

simulatedphish

• Educateyourcompanyontheirphishingstatisticsandturnitintoeducation

• Looktoimplementthereporterbutton

Page 15: How To Improve Phishing Awareness by 300% in 18 Months · #RSAC Introduction 3 Evidence shows that a staggering amount of incidents begin with phishing emails We decided to focus

#RSAC

ThankYou!Q&A


Radiological Safety Analysis Computer (RSAC) Program ... Shared Documents/RSAC-7.pdf · The Radiological Safety Analysis Computer (RSAC) Program Version 7.2 (RSAC-7) is the newest

Radiological Safety Analysis Computer (RSAC) Program ... Shared Documents/RSAC-7.pdf · The Radiological Safety Analysis Computer (RSAC) Program Version 7.2 (RSAC-7) is the newest

How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

RSAC - Born APT died IOC - Stefano Maccaglia

RSAC - Born APT died IOC - Stefano Maccaglia

Shed Staggering

Shed Staggering

Phishing - Study Mafiastudymafia.org/wp-content/uploads/2015/03/CSE-phishing-report.pdf · Phishing software and computer programs are designed to prevent the occurrence of Phishing

Phishing - Study Mafiastudymafia.org/wp-content/uploads/2015/03/CSE-phishing-report.pdf · Phishing software and computer programs are designed to prevent the occurrence of Phishing

Securosis Guide to Rsac 2015

Securosis Guide to Rsac 2015

THE STAGGERING ECONOMIC IMPACT OF THE CORONAVIRUS …filesforprogress.org/memos/the-staggering-economic... · 2020-04-09 · THE STAGGERING ECONOMIC IMPACT OF THE CORONAVIRUS PANDEMIC

THE STAGGERING ECONOMIC IMPACT OF THE CORONAVIRUS …filesforprogress.org/memos/the-staggering-economic... · 2020-04-09 · THE STAGGERING ECONOMIC IMPACT OF THE CORONAVIRUS PANDEMIC

Staggering effect of social media

Staggering effect of social media

Phishing - CERT.hr · 2018. 5. 29. · phishing poruku uvjerljivijom. 2.1.1 Lažno predstavljanje Kako bi phishing poruka bila uvjerljiva, i time cijeli phishing napad uspio, prvi

Phishing - CERT.hr · 2018. 5. 29. · phishing poruku uvjerljivijom. 2.1.1 Lažno predstavljanje Kako bi phishing poruka bila uvjerljiva, i time cijeli phishing napad uspio, prvi

Learn and enjoy at RSAC 2017

Learn and enjoy at RSAC 2017

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails.

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails.

Phishing and Anti-phishing techniques

Phishing and Anti-phishing techniques

2017 02-17 rsac 2017 tech-f02

2017 02-17 rsac 2017 tech-f02

Mobile Phishing Protection · Mobile Phishing Protection Anywhere Zero-Hour Protection Against the Broadest Range of Phishing Threats for iOS and Android SlashNext Mobile Phishing

Mobile Phishing Protection · Mobile Phishing Protection Anywhere Zero-Hour Protection Against the Broadest Range of Phishing Threats for iOS and Android SlashNext Mobile Phishing

Phishing Spear Phishing - ASSP Region I€¦ · Phishing& Spear Phishing attacks are similar -key differences: •Phishingcampaign -very broad and automated, think 'spray & pray’

Phishing Spear Phishing - ASSP Region I€¦ · Phishing& Spear Phishing attacks are similar -key differences: •Phishingcampaign -very broad and automated, think 'spray & pray’

Phishing - Fred 151 · 2020-03-21 · di Phishing. 2 Identificare Come riconoscere il Phishing. Cosa fare se siamo vittime di Phishing 3 Esempi Esempi di email di Phishing. 4 Test

Phishing - Fred 151 · 2020-03-21 · di Phishing. 2 Identificare Come riconoscere il Phishing. Cosa fare se siamo vittime di Phishing 3 Esempi Esempi di email di Phishing. 4 Test

What is Phishing | How to Spot a Phishing email or Website 2020 | Antivirus for Phishing Attack

What is Phishing | How to Spot a Phishing email or Website 2020 | Antivirus for Phishing Attack

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

RSAC 2015 - Vulnerability Management Nirvana

RSAC 2015 - Vulnerability Management Nirvana