Gone Phishing: Lessons from UNB's 2015-2016 Social Engineering Campaign

In fall 2015 the University of New Brunswick launched its first-ever year-long cybersecurity awareness campaign for faculty, staff and students. A key component of that campaign was an active phishing simulation / education... [ view full abstract ]

In fall 2015 the University of New Brunswick launched its first-ever year-long cybersecurity awareness campaign for faculty, staff and students. A key component of that campaign was an active phishing simulation / education program designed to improve resiliency against common e-mail based social engineering tactics.

Social engineering lies at the root of nearly 90% of the major data breach investigations launched by the FBI in the past few years and a variety of studies have identified it as a key risk in cybersecurity.

After suffering several successful compromises and a successful financial fraud as a result of e-mail based social engineering, the University of New Brunswick needed to act to address this growing risk.

During this session David Shipley, director of strategic initiatives for the Information Technology Services department at UNB, will talk about the rationale for pursuing funding for phishing awareness, the partnership with risk management, the selection of the PhishMe Software-as-a-Service platform as well as the implementation and execution of the social engineering awareness effort.

David will also share key insights from UNB's campaign including phishing response rates, examples of the most successful generic and custom social engineering tactics as well as insights into how the program has reduce UNB's social engineering risk from phishing e-mails.

Participants in this session will leave with a greater understanding of phishing risks in higher education and a clear example of an effective effort to combat this threat.