
I used to just let those training videos play muted in the background, and sent all the phishing tests straight to the trash instead of reporting them.
 
I assume this is not practicable in all cases, but couldn't at least some of these cases be prevented by having a separation between employee work computers, and computers that have critical systems on them?

At my thankfully soon to be former job, it's pretty much anarchy when it comes to the computer system. As long as your site of choice is not blocked by the content filter you can pretty much go on to whatever site you want, and the same computers that are used by managers to access databases, trainings, emails, are also used at break times by employees who browse the internet casually. It seems to me like this is a great way to cause a cyber problem one day, but hey, that's just me...
 
The bank I work for does the random email tests, apparently there's an 80 percent pass rate which now requires not only not clicking the links, but also to actively report it as phishing too (there's a click button in Outlook they added for that).
More recently they've been doing phone tests too, with people calling in doing the old "Oh hi it's [insert name of actual employee] here. I'm rushing from a meeting to another right now with [insert actual client name] so can you quickly give me their account number so I can look it up on the system?"
2 IT admin stories
- Executive assistant bought $1k in Apple gift cards because the "CEO" emailed her.
- As part of a pentest someone willingly gave up a password to someone over the phone because they impersonated me.

Sigh... don't go into cybersecurity unless you really want to learn how true George Carlin's quote actually is.
 
I assume this is not practicable in all cases, but couldn't at least some of these cases be prevented by having a separation between employee work computers, and computers that have critical systems on them?

At my thankfully soon to be former job, it's pretty much anarchy when it comes to the computer system. As long as your site of choice is not blocked by the content filter you can pretty much go on to whatever site you want, and the same computers that are used by managers to access databases, trainings, emails, are also used at break times by employees who browse the internet casually. It seems to me like this is a great way to cause a cyber problem one day, but hey, that's just me...
If your company has a "production network" like the platform that serves customers, they have a few options:
- restrict access with multiple access controls and different 2 factor authentication.
- require them to remote to a different computer before connecting.

That doesn't make it impossible to get in, but a little bit harder.
 
I mean you could air gap them, but that's not really practical in these kinds of environments.
At my work the data is on infrastructure so old that only IT knows how to access it, and thus no one ever uses it. So I guess that's some kind of protection.
 
Sadly having dealt with this sort of stuff in person, there are so many different ways they can get in. Ironically very old equipment is almost less of a risk according to the consultants I dealt with.
 
1. Someone in a position of authority or that you know
2. Urgency
3. Call to action

Three flags to watch out for. It can happen to us all. When in doubt, slow down and try to reach out to (1) before taking action.
 
I mean you could air gap them, but that's not really practical in these kinds of environments.
At my work the data is on infrastructure so old that only IT knows how to access it, and thus no one ever uses it. So I guess that's some kind of protection.
Yeah - air-gapping would make a lot of people’s jobs ridiculously harder. If you were annoyed about slowdowns before, imagine what would happen if you could only access email on a separate computer, and had to transfer things explicitly to a production computer/system. It’d be nutso.

I suspect the best we can do is more automated flagging, and really drilling into people that if you get an urgent ask from someone unexpected…reach out to that person out-of-band and confirm. That’s why banks tell you that if you get a text from them, call the number on the back of your card, for example.
 
Yeah - air-gapping would make a lot of people’s jobs ridiculously harder. If you were annoyed about slowdowns before, imagine what would happen if you could only access email on a separate computer, and had to transfer things explicitly to a production computer/system. It’d be nutso.

I suspect the best we can do is more automated flagging, and really drilling into people that if you get an urgent ask from someone unexpected…reach out to that person out-of-band and confirm. That’s why banks tell you that if you get a text from them, call the number on the back of your card, for example.
1. Someone in a position of authority or that you know
2. Urgency
3. Call to action

Three flags to watch out for. It can happen to us all. When in doubt, slow down and try to reach out to (1) before taking action.
Doesn't even need to be an urgent ask, outside facing positions like accounting or receptionists, heck even HR if they publicly list their emails for application resumes can all have a legitimate way of receiving a payload
 
Doesn't even need to be an urgent ask, outside facing positions like accounting or receptionists, heck even HR if they publicly list their emails for application resumes can all have a legitimate way of receiving a payload
After hours?

In the old days, you'd just phone someone at home. Now they make it impossible.
 
Just how does one manage to get hit by a large, slow, lumbering, highly visible streetcar that travels on a predictable path??
Slow walker who doesn't look to see if it is safe to cross the street and thinks streetcars can stop on a dime. Some of those slow, lumbering, highly visible streetcars that travel on a predictable path are speedsters and unable to stop on that dime. Without knowing all the facts, it's only guessing as to what took place for this to happen.
 
Can you provide a source for that, please?

I know that a drug problem is rampant, but suggesting 10-30% of the people you meet on the street are on hard drugs, mentally ill, or both, is a staggering allegation, and it certainly does not seem to reflect the reality as I see it.
 
