this post was submitted on 15 Jul 2024
535 points (96.2% liked)

Cybersecurity - Memes


Only the hottest memes in Cybersecurity


If a single click on a phishing email can ruin the entire company, the blame doesn't lie with that individual.

[–] [email protected] 61 points 1 month ago (3 children)

That individual ABSOLUTELY has a piece of the blame.

[–] hipsterdoofus 30 points 1 month ago* (last edited 1 month ago)

In my time as a cybersecurity professional, my approach is always to blame the system, not the person.

If they clicked on a phishing link: 1) that email should never have reached their inbox, 2) that link should never have loaded, and 3) our awareness training is not up to snuff.

[–] [email protected] 29 points 1 month ago (1 children)

We have test-phishing mails sent by our IT-Sec team on a regular basis. There's usually an obvious one and a better made one. First round 10% clicked the obv. one, 99% the good one.

We had a lot of trainings after that.

Last year the numbers went down to 5% and 80%.

If your security concept relies on both of these numbers being zero, you're an incompetent hack trying to shift the blame on end users instead of doing your job.

[–] [email protected] 13 points 1 month ago

Thank you, that was my point! Shifting the blame on the user doesn't help anyone.

[–] [email protected] 5 points 1 month ago (1 children)

Clicking a link isn't supposed to have side effects, if it does someone else fucked up.

[–] [email protected] 2 points 1 month ago

Welcome to corporate phishing emails, then, where the page that loads scolds you for being an idiot and submits your name to the boss for automated remedial phishing training, which must be completed lest it also tells HR...