If a single click on a phishing email can ruin the entire company, the blame doesn’t lie with that individual.

  • cron@feddit.orgOP
    link
    fedilink
    arrow-up
    41
    arrow-down
    1
    ·
    5 months ago

    True, in many cases there is a whole chain of vulnerabilities and misconfigurations, and everything starts with one phishing mail. For example:

    • successful phishing
    • VPN without 2FA, allowing the attacker access to company services
    • internal services with vulnerabilities, allowing the attacker to compromise a server
    • permission misconfiguration, allowing lateral movement

    That was the point of this meme. It is not phishing alone that gets the company in trouble, its mostly a series of misconfigurations.

    I think that in cyber security, we have to assume that phishing will be successful sometimes - and be prepared when it happens.