The group had a good conversation about both business email compromise and social engineering, and about how people, processes and technology factor into these issues. It only takes one person to fall victim to cause an issue. The group started by discussing what each of their companies is doing to help educate employees. One of the more creative approaches one company uses is a series of videos showing how phishing schemes are deployed, told from the attacker's point of view and in the attacker's voice. The video is followed by the HR person the attacker was impersonating coming in to explain how they would actually send such an email and how it would differ from what was shown in the video. More companies have also done more to get their board and senior executives involved in the training and hygiene process. To further emphasize how one person can set off a chain reaction that hurts the whole organization, one company used the metaphor of a Jenga tower: pulling a single block can bring the rest of the tower down.
The group also spent time talking about ways to improve reporting. Suggestions included streamlining the reporting process to something as simple as a button push that alerts the SOC team to a suspicious email or to insider activity. Another big element was making people less reluctant to report. There is a notion that someone who falls for a phishing scheme is going to get in trouble, so they do not want to admit it was them. However, alerting the security team early to an incident like this is critical to overall company safety, and a report that arrives promptly gives the team far more to work with than one discovered after the fact. This too is part of the education and remediation process. Another suggestion was to have executives and other senior members of the organization talk about how they too have fallen victim to phishing schemes, and how it can happen to anyone.
Another discussion arose around repeat offenders and what needs to be done with these individuals. Suggestions included requiring additional training for them and doing more to understand what it is that causes them to fall prey to these types of attacks. This led to a discussion about the role of social media in the workplace. From a security standpoint, companies want to keep everything locked down and secure, but they do not want to hinder the advantages social media can provide. The group also talked about how fake social media pages and LinkedIn accounts have been used for phishing scams. One member of the table described how someone had created a fake LinkedIn page for one of their company's recruiters.
When the discussion turned to solution options, the group talked about how the move to the cloud and the use of services like Office 365 have led them to look more closely at CASB (cloud access security broker) solutions.