Did I Do That? The Human Factor in Cyber
Carla Donev, Chief Information Security Officer, NiSource
NiSource | NYSE: NI | nisource.com
PREMIER REGULATED UTILITY BUSINESS
Operating in Diverse Footprint with Constructive Stakeholder Relationships
SIGNIFICANT SCALE ACROSS SEVEN STATES
~3.5M Gas Customers
~500K Electric Customers
~8000 Employees
COLUMBIA GAS OF KENTUCKY
COLUMBIA GAS OF MARYLAND
COLUMBIA GAS OF MASSACHUSETTS
COLUMBIA GAS OF OHIO
COLUMBIA GAS OF PENNSYLVANIA
COLUMBIA GAS OF VIRGINIA
NIPSCO GAS
NIPSCO ELECTRIC
Legend: NATURAL GAS, ELECTRIC
NI LISTED NYSE
COMPELLING ANNUAL 8%-10% TOTAL SHAREHOLDER RETURN PROPOSITION*
Delivering on Commitments to Customers, Communities, Employees and Investors
* Estimated total shareholder return at a constant P/E ratio
WHAT IS SOCIAL ENGINEERING?
DID YOU GET THIS EMAIL?
WHAT IS PHISHING?
PHISHING IS A PART OF EVERYDAY LIFE…
PHISHING ATTACKS PREY ON EMOTIONS
LOOK FOR CLUES IN SUSPICIOUS EMAILS
THE “BUSINESS” OF PHISHING
2,370% increase in financial losses from BEC/EAC
$5.3 Billion USD in actual and attempted losses from BEC/EAC
131 countries impacted by BEC/EAC scams
FBI, “Business Email Compromise (BEC) Email Account Compromise (EAC): The 5 Billion Dollar Scam,” May 4, 2017
HOW TO REDUCE RISK?
1) PROTECT
2) AUTHORIZE
3) AUTHENTICATE
4) SIMULATE
RECOGNIZE THESE COMPANIES?
NISOURCE CYBER AWARENESS PROGRAM
CYBER WARRIOR PROGRAM: Award individuals who have assisted in keeping the enterprise secure, through their actions of reporting possible security issues, or promoting cybersecurity through their daily responsibilities.
CYBER AMBASSADORS: As Change Network members you will also serve as Cyber Ambassadors that promote cybersecurity awareness.
SECURITY BLOG: Learn more about cyber security, why it's important, how you can further protect yourself at home, and what's currently happening in the cybersecurity world.
ROADSHOWS: The Cyber Security team will travel to every Tier 1 location at least once a year to bring Cybersecurity awareness.
EMPLOYEE EDUCATION: Educating all employees on how to identify and evaluate threats, vulnerabilities, and risks specific to his or her role in the organization.
THE CYBER WARRIOR PROGRAM
Be proactive & report any potential security concerns
Report “Phishy” emails or suspicious links
Report Social Engineering* calls or suspicious activity
MONTHLY CYBER WARRIORS ANNOUNCED
Always lock computer when leaving desk
Use strong passwords
All employees have an opportunity to become a Cyber Warrior by proactively demonstrating effective security best practices and championing information security through their daily responsibilities.
GETTING EMPLOYEES ENGAGED
Report possible phishing or harmful emails to Security / Phishing mailbox
Participate in Cybersecurity Awareness Fairs and booth contests
branded swag
Contribute to IT Security Program that protects critical user data and systems
Proactively report potential activities or processes that may lead to a compromise if or continued
AWARDS
Significant contribution to IT Security Awareness Program
Report a security event that prevents significant compromise or harm to NiSource
Individuals will be awarded who go above and beyond their everyday responsibilities to keep NiSource secure, through their actions of reporting possible security issues, or promoting / championing information security through their daily responsibilities.
BUILDING AWARENESS
BUILD AWARENESS
• Become familiar with IT Security Awareness Program
• Share the slides with your team and encourage employees to become Cyber Warriors
• Discuss the awards program
• Become a Cyber Ambassador
SOLICIT FEEDBACK
• Ask employees what questions they have about the program
• Listen to concerns and successes
• Share questions to help build FAQs
PREPARE EMPLOYEES
• Demonstrate examples of being a Cyber Warrior
• Partner with leaders to recognize Cyber Warriors of the month
• Direct employees to available resources
OFFER INSIGHTS
• Share insights to improve the program
• Assess employee readiness and offer feedback to improve communications
• Help elevate awareness based on reporting results
EDUCATION IS KEY
EMPLOYEE EDUCATION
Understand how to identify and evaluate threats, vulnerabilities and risks specific to your role in the organization.
REMOVING ADDITIONAL THREATS
Malvertising: The use of online advertisements to spread malware.
Communication: Reduce the amount of Malvertising and further protect NiSource and our personal assets from a cyber attack.
Web Browsing: The frames on the web page that contain banners will be changed to a blank page.
BLOCKED ADVERTISEMENTS
Page without policy to block advertisements:
Page with policy to block advertisements:
TRUSTED EMAIL BANNERS
Emails sent from trusted sources will have the following green tag line located at the top:
All other emails sent from external sources will continue using the following red tag line:
NISOURCE PHISHING BY THE NUMBERS
NISOURCE REPEAT OFFENDERS
4.68%
12.27%
53.21%
29.84%
Never Clicked Clicked 1 Clicked 2 Clicked 3+
WHAT’S NEXT?