Cofense Submerge Topics: 2018

Join us at Cofense Submerge for more than 35 sessions and trainings delivering knowledge you can immediately use in your anti-phishing program. Sessions span How-To, Use Cases, Best Practices, Speed Talks, and Training across all levels, from beginner to advanced. See below for some of the topics and sessions to be covered.

The Advantages of Cofense in a Complex, Multi-platform, Click-rate Crazy, Super Huge Environment The Global Heads of Security Awareness and Cyber Response, along with the security awareness team, will discuss standing up a program in a complex environment; our internal challenges getting it right with Cofense Triage; our successes with Cofense analytics team support; and pushing for a resiliency rate when all they can see is a click rate. The phish training program is 3 years old and covers a complex, multi-brand, highly regulated set of business units with ~55,000 FTE and Contractors at a Global Financial Services firm and ~20,000 (FTE and Contractors) at an Insurance company working in a mixed email platform environment. This presentation will cover the use of Cofense PhishMe, Triage, and the Cofense analytics team, as well as finding a workaround when the phish reporter button is only partially rolled out in both email platforms. Intermediate / Advanced Best Practices
How One Company Uses the Cofense Product Suite to Develop an Effective Global Security and Phishing Awareness Program This company has team members worldwide and started using Cofense PhishMe in August 2015, and soon added Reporter, Triage and Intelligence to its phishing program. In less than 2 years, the program matured, resulting in low susceptibility rates combined with over 50 percent reporting rates. The company uses all of Cofense’s products to help reduce its risk and minimize the chance of attack. Today team members are quick to report suspicious emails instead of deleting them, allowing the security team to analyze these emails and if needed remove them from user mailboxes. Intermediate / Advanced Best Practices
Phishing Awareness for Financial Advisors Financial Advisors are a unique target for criminals, particularly those targeting account take-overs and fraudulent transactions. At LPL Financial, our phishing program and awareness spans not only our corporate users but targets 30,000 financial advisors and staff, with the future passions, dreams, and goals of the community… all at risk of going down the drain with one click. Intermediate / Advanced Best Practices - Industry
Case-Study – Improving Phishing Resiliency while Scaling Our Awareness Program Globally In this session, we will discuss our experience at the IMF with improving our user resiliency (reducing click rates and improving reporting rates) to phishing across our users in over 100 countries. We will also discuss lessons learned with increasing user engagement and improving secure digital habits of users globally, even with a tight budget. Attend this session and learn how to leverage the ecosystem of business functions in your organization to make your user culture more cyber-security conscious. Intermediate / Advanced Best Practices - Industry
Education vs. Training vs. Conditioning The purpose of this presentation is to demonstrate the difference between the three, especially how each builds knowledge, skills, and abilities. Knowledge, the lowest level of information transfer, does not by itself help you stop phishing attacks in progress. By using training (through Cofense PhishMe) you can build the skills necessary to spot suspicious activities. This increases the likelihood that people will report suspicious emails to give IR folks the information to stop attacks.
This talk will focus on two areas within the PhishMe product. First, it will cover proper reporting metrics. Susceptibility and time spent on education are not the metrics that help guide this type of conditioning. The focus on reporting emails shows the level of success a solid program should focus on. Secondly, the talk will cover proper preparation. For example, using email templates that replicate real world attacks will better prepare end users. This portion will focus on using Cofense Intel emails to help create an environment that gives end users a look at what they will likely see when being phished. The recommendation will be to start with templates that are easy to spot, to condition users to use the Reporter button, and then gradually increase the complexity once the reporting metrics reach a comfortable level.
Advanced/Training How To
Cofense Integrations: Use Cases Cofense Product Solution Engineering will discuss integrations use cases. Advanced/Training How To
Beyond Board Reporting Utilizing the Cofense Board Report as a starting point, we will show how two of its key components assist in the development of Value at Risk analysis. Attendees will walk away:
– Understanding which components of a Board Report are needed to develop a VaR Analysis.
– Knowing how to structure a VaR analysis to assist in the visualization of risk reduction opportunities.
– Better enabled to articulate the value of their anti-phishing program.
Advanced/Training How To
What is the Board Report and how is it created? This session will walk through why we created the Board Report, how the team generates the report and what is included in your customized report. Beginner How To
Cofense Certification Preparation – PhishMe and Triage This session will provide an overview of Cofense Certification Programs. Beginner How To
Cofense PhishMe Tips & Tricks: Hidden Features Do you know all the hidden features in Cofense PhishMe? Come to this session and learn some new tips & tricks to advance your program. Advanced/Training How To
Building Resiliency across Changing Roles: New Hires, Repeat Clickers, and High-Value Targets New hires are one of the most susceptible user groups in any organization. Learn to engage them separately with an active anti-phishing program, since most have never been exposed to anti-phishing training materials. Susceptibility rates for brand-new employees are typically high, but we know that untrained users need education and reinforcement, starting with basic scenarios. By immersing new hires in anti-phishing, you can quickly build resiliency among these at-risk users. Intermediate / Advanced How To
Making the Most of Cofense PhishMe Content – Templates, Education, and Customization Phishing is still a major threat. Attackers are innovating their tools, using multiple methods, and they’re talking to each other. When planning for your simulations in Cofense PhishMe, you need to account for certain variables. How do you choose an email template? Are you unsure how to make changes to an email or related education? The Content Development team at Cofense is here to help. We’ll show best practices for creating phishing emails and education for a simulation, highlighting some simple customizations that don’t require a master’s degree in HTML, and provide insight into how we create the content for Cofense PhishMe. Intermediate / Advanced How To
When the IT Hits the Fan, Have an IR Plan Incident response is critical for any organization. The effectiveness of your IR plan can determine whether your organization will sustain and recover from a cyber-attack. With the steady rise in cybercrime, companies must make sure they have a sound plan to address every type of attack and prevent multi-million dollar breaches. As with any process, the incident response plan needs continuous testing and review to ensure it remains effective. This talk will highlight three key aspects of the IR plan where most companies fail. We will identify common pitfalls and offer suggestions on how to improve. These three areas include: Identification, Eradication, and Lessons Learned. Advanced/Training How To
Always Look a Gift (Trojan) Horse in the Mouth A phishing email prompts you to download a file. What do you do next? This talk will give people interested in reverse engineering/malware analysis a variety of tools and techniques for analyzing suspicious executables in a safe manner. Intermediate / Advanced How To
Using Phishing Awareness to Influence Users, the Business, and IT This talk will outline ways to use real world phishing campaigns as custom templates in phishing awareness simulations, so that Security Operations teams can replicate attacks seen in their environment. Learn to use the metrics from these custom campaigns to influence management and/or IT.
This strategy offers user awareness to end users, but also helps security professionals to provide metrics that prove their findings and influence organizational change. Example: fake login pages to push the need for multi-factor authentication.
Intermediate / Advanced How To
You Can’t Phish Without a Hook: Keys to Successful Enterprise Adoption This presentation will focus on core success factors in incorporating an anti-phishing campaign within a security education program. Long-term success starts at the very beginning and must include the ability to obtain executive buy-in, pre-planning/strategy, and documented goals/objectives. You will learn how to plan out your program to ensure successful adoption whether your program is new or existing. Intermediate / Advanced How To
Leveraging Threat Intelligence in Your IT Ecosystem This session will cover how to proactively and reactively use threat intelligence across all aspects of people, process, and technology (with an emphasis on the latter). The presentation will blend Cofense-specific use-cases and functionality and other tools/products that customers may have. Attendees will benefit by learning tactical, operational, and strategic uses of cyber-threat intelligence, and how Cofense can play a big part in that ecosystem. Advanced/Training How To
Cofense Triage: What’s in a Rule? Rules that are created in the Cofense Triage appliance make your life easier. But what decisions go into making these rules? How do we make effective rules? This presentation will use real-life examples to illustrate ways to approach making rules in Triage. We will be covering all five Triage categories (non-malicious through advanced threats), creating general rules to help alert other Triage analysts, and ways to use rules to help identify phishing campaigns. Advanced/Training How To
Triage Use Case TBD Intermediate / Advanced How To
19 Minutes? How Cofense Triage and Managed Triage Work We will cover the use case that allowed a customer to mitigate a phishing campaign in 19 minutes, as well as the capabilities of the Phishing Defense Center. Beginner Use Case
Bringing It All Together: Cofense Solutions Overview What does a holistic phishing defense program look like? Following the timeline of an example attack, we will demonstrate how to use all of Cofense’s products to make the anti-phishing portion of our defense in depth as robust as it can be. In this talk, we will discuss how we can use reporting from Triage and information from Intelligence to help feed content scenarios in our enterprise environment. We will also discuss how we can use Cofense Intelligence rules in Triage to respond to phishing campaigns both in real time and proactively. We will examine how feedback from Triage can help identify areas in your phishing defense that may need more work. At the end of the talk, participants should have a better understanding of how Cofense products work together to build a comprehensive phishing defense program. Beginner Use Case
Phishing Trends, Attacker Behavior and How to Use Intelligence to Make Sense of It All When security resources, staff, and budget are at a premium, tracking phishing trends and the types of attacks in play becomes more important than ever. During this year, Cofense Intelligence™ has reported on the continued development of malware delivery techniques, expanded malware capabilities, and the complex dynamics of ransomware activity. Join Intelligence Analyst Neera Desai for this exploration of 2018’s phishing trends and the most definitive attacks of the year. Learn how to implement phishing intelligence and optimize your results. Advanced/Training Use Case
Risk Profile through a Social Media Lens Social media use is common in today’s workplace. That’s why organizations need to re-evaluate their acceptable use policies—or create them if they don’t exist. With the lack of social media governance, organizations are increasing their risk of attack and are susceptible to loss of revenue, theft of data, and regulatory nightmares. Employees are unknowingly uploading posts that expose proprietary organizational assets and work-related emotions, which social engineers leverage to launch enticing phishing attacks. We need to take a step back and ask what the purpose of social media use in the organization is. In this presentation, learn to analyze current policies, conduct a threat analysis, and train employees to build resiliency to phishing attacks. Intermediate / Advanced Use Case