Educause Security Discussion mailing list archives
Re: A user granted with admin rights failed a phishing test
From: "Smith, Jason" <Jason_Smith () BSMCON EDU>
Date: Mon, 9 Nov 2020 19:49:01 +0000
The idea of fostering an open relationship with users is an important one, but at the end of the day a user who falls for a phish today (real or test) has signaled that they present significantly more risk than your other users who avoided it. Hopefully additional training will help that person, but attackers iterate new attack methods much faster than we can train them (or even detect them). With all the tools out there for a support desk to quickly and easily grant a user temporary admin access in the increasingly rare situations where they would even need it, I would immediately pull the plug on admin rights for the test victim. With power comes responsibility.

This question/conversation is a good reminder that all schools should have all staff & faculty on 2-factor for all remote access, because some of them will get successfully phished (not a test) at some point. It's inevitable.

Jason E. Smith, MS PMP CPHIMS CSM
Director of IT, Bon Secours Memorial College
8550 Magellan Parkway #1100, Richmond, VA 23227

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Munro
Sent: Monday, November 9, 2020 2:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] A user granted with admin rights failed a phishing test

Hi. I also think that punitive measures should not be taken. Our cybersecurity training platform automatically notifies the user when they click on a phishing link, and assigns them a contemplative survey asking questions about why they clicked it. We also have the option to assign them a remedial phishing module, which I do for staff but not faculty. We say that no one will be reprimanded for clicking on simulated phishing links. We do not require our staff and faculty to take cybersecurity training, so if they think they are going to be reprimanded due to opting into the training, fewer people will sign up for it.

You want people to report security incidents (real ones especially), not be afraid to report them or hide them. If you punish clickers, they may try to hide the fact that they were really phished. You might be decreasing your security by taking a punitive approach.

Cheers.
Ken Munro
________________________________________
Ken Munro
Security Compliance and Training Specialist
Information Technology and Services
Mount Saint Vincent University
166 Bedford Highway
Halifax, NS B3M 2J6
(902) 457-6150
ken.munro () msvu ca

Confidentiality Notice: This email may be private and confidential. If you have received this e-mail by mistake, please immediately notify the sender by e-mail or telephone, delete it from your system, and do not copy or distribute it. Phishing Warning: IT&S does not request passwords or other personal information via email. Messages requesting such information are phishing attempts and should be deleted.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jerry Tylutki
Sent: Monday, November 9, 2020 3:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] A user granted with admin rights failed a phishing test

I disagree that any punitive action should be taken. Phishing tests are by their nature deceptive and attempt to trap the individual; revoking access, potentially impacting the responsibilities of that person, is not the path I would take. Phishing campaigns are one part of a larger security education and training program. Raise awareness. Increase education. I am open and communicative when preparing to send out a phishing email -- I want the end users to expect it and be on the lookout for a phishing message. Nothing makes me more satisfied than when I get an actual phishing message forwarded to me with a "you can't trick me" type message.

-------
Jerry Tylutki
Information Security Officer
Hamilton College
(315) 859-4289 -- office

*****The contents of this email are CONFIDENTIAL. If you have received this email by mistake, please notify the sender and delete the email and its contents.*****

On Mon, Nov 9, 2020 at 12:28 PM Apollo Dalamar <apollodalamar () gmail com> wrote:

G'day Jared,

I would most certainly revoke admin rights until the individual can pass some of the assessments associated with the cyber security training. Advise the individual that there would be some form of auditing / supervision for a grace period. In the interim, monitor appropriate audit logs for a grace period to make sure the individual is adhering to protocols. Additionally, have the individual sign some form of legally binding paperwork acknowledging that the individual is obligated to operate within protocols and that anything otherwise would result in some form of disciplinary action, with the prospect of dismissal.

Cheers,
Pete

On Mon, Nov 9, 2020 at 10:48 AM Jared Evans <jared.evans () gallaudet edu> wrote:

Hello,

I would like to ask what actions are typically taken when a user who has been granted admin rights (limited to a few workstations within their workspace) failed a phishing test by giving out their user credentials. Additional cybersecurity training is a given, but are the admin rights temporarily revoked until the training is completed?

--
Jared Evans
Information Security Officer
Gallaudet Technology Services
Gallaudet University
jared.evans () gallaudet edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at https://www.educause.edu/community
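One concrete way to carry out what Pete and Jason describe above (temporarily removing local admin from the few workstations involved, keeping a record so the rights can be restored after training, and reviewing the audit logs during the grace period), as an added example that is not code from anyone in this thread. It assumes a Windows domain with WinRM reachable on the workstations; the account name, host names and output path are constructed placeholders.

```powershell
# Added example, not from the thread. Assumes WinRM is enabled on the workstations and the
# operator can edit local groups and read the Security log. Names below are placeholders.
$User         = 'CONTOSO\jdoe'                 # constructed placeholder account
$Workstations = 'WS-LAB-01', 'WS-LAB-02'       # constructed placeholder hosts
$ReviewDays   = 30                             # length of the grace / review period
$Record       = "$env:USERPROFILE\admin-revocation-$(Get-Date -Format yyyyMMdd).json"

# 1. Record where the account actually holds local admin, then remove it there.
$removed = foreach ($ws in $Workstations) {
    Invoke-Command -ComputerName $ws -ArgumentList $User -ScriptBlock {
        param($u)
        $isAdmin = Get-LocalGroupMember -Group 'Administrators' |
                   Where-Object { $_.Name -eq $u }
        if ($isAdmin) {
            Remove-LocalGroupMember -Group 'Administrators' -Member $u
            [pscustomobject]@{ Host = $env:COMPUTERNAME; Removed = $true }
        } else {
            [pscustomobject]@{ Host = $env:COMPUTERNAME; Removed = $false }
        }
    }
}
# Keep the list of hosts touched so the rights can be restored once training is done.
$removed | Select-Object Host, Removed | ConvertTo-Json | Set-Content -Path $Record

# 2. During the review window, check whether the account still obtains elevated sessions
#    anywhere: Security event 4672 ("special privileges assigned to new logon").
#    Properties[1] of that event is SubjectUserName (the sAMAccountName without domain).
$since    = (Get-Date).AddDays(-$ReviewDays)
$samName  = ($User -split '\\')[-1]
$elevated = foreach ($ws in $Workstations) {
    Get-WinEvent -ComputerName $ws -FilterHashtable @{
        LogName = 'Security'; Id = 4672; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[1].Value -eq $samName } |
    Select-Object MachineName, TimeCreated
}
# Any rows here mean the account is still being elevated somewhere and needs a look.
$elevated | Format-Table -AutoSize
```

Re-running step 2 on a schedule for the length of the grace period gives the "monitor appropriate audit logs" check in a form that can be reviewed without relying on the user's own reporting.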
Current thread:
- A user granted with admin rights failed a phishing test Jared Evans (Nov 09)
- Re: A user granted with admin rights failed a phishing test Hiram Wong (Nov 09)
- Re: A user granted with admin rights failed a phishing test Apollo Dalamar (Nov 09)
- Re: A user granted with admin rights failed a phishing test Jerry Tylutki (Nov 09)
- Re: A user granted with admin rights failed a phishing test Ken Munro (Nov 09)
- Re: A user granted with admin rights failed a phishing test Rob Milman (Nov 09)
- Re: A user granted with admin rights failed a phishing test Dave Broucek (Nov 09)
- Re: A user granted with admin rights failed a phishing test randy (Nov 09)
- Re: A user granted with admin rights failed a phishing test Jerry Tylutki (Nov 09)
- <Possible follow-ups>
- Re: A user granted with admin rights failed a phishing test Smith, Jason (Nov 09)