this post was submitted on 15 Jul 2024
498 points (96.3% liked)

Cybersecurity - Memes

1965 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

If a single click on a phishing email can ruin the entire company, the blame doesn't lie with that individual.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 90 points 3 months ago (2 children)

There are very few one click total compromises out there.

Most of the time clicking on the link will get to a phishing page to harvest credentials or prompt to download a zip or pdf which has the actual malware exploit/payload.

[–] [email protected] 38 points 3 months ago

True, in many cases there is a whole chain of vulnerabilities and misconfigurations, and everything starts with one phishing mail. For example:

  • successful phishing
  • VPN without 2FA, allowing the attacker access to company services
  • internal services with vulnerabilities, allowing the attacker to compromise a server
  • permission misconfiguration, allowing lateral movement

That was the point of this meme. It is not phishing alone that gets the company in trouble, its mostly a series of misconfigurations.

I think that in cyber security, we have to assume that phishing will be successful sometimes - and be prepared when it happens.

[–] [email protected] 4 points 3 months ago

Yep and then whatever is trying to execute should be limited by user permissions, app whitelists, EDR / MDR, and a pile of other defenses.