One wonders if the use of a certain proprietary operating system had anything to do with the ease with which this occurred? And who would hold that company to account? Whilst spear phishing happens, it is not the low-hanging fruit. …preaching to the converted…
Can’t imagine what astronomical figures we might get worldwide.
In all those breaches, somehow the human factor pops up.
I am no security expert by any means, although I took a security course at CS; humans are always the loose end.
Yes, there are exploits and vulnerabilities, but social engineering is sometimes, if not always, the low-hanging fruit.
As an experiment, I asked a security personnel to a date/coffee; she came wearing her tag with all credentials. Took a photo discreetly, breached into her vault later on.
She went mad, called me names and said I was using her and all that.
No, I was just leveraging human traits and ego.
And no, I will not ask for a date as a married man and have a fling. That was part of the plot, and she took the bait, sink and more.
Guess she will hate me forever. I only care if my spouse is happy and my paycheck lands in my account.
Unfortunately. I couldn’t agree more.
You are probably right.
In our company we have some fake phishing emails from the security department. They were testing how many users would cause a security breach for the company.
The emails were structured by first-degree risk - click on a link in the email; and second-degree - download an .exe file from a site on that link.
In some scenarios (mostly some invoice check and FedEx package tracking) it was about 40% that would download the file - that was thousands of people.
Yes, and hopefully the pointy hairs at the top took notice and began training right away?? Mmm, not holding my breath either.
I think in our case it would be more efficient to focus on improving spam filtering algorithms than to educate people.
I know some cases that are clicking on every link in email. As they say, it is a protest against the fact that the company is sending these fake spam emails.
From my previous security experience (unless they were warned in some fashion), the ones at the top are the WORST at falling for scams and security practices.