ヒマワリ会 Sunflower Society
Photo
this speaks to something that i have grown increasingly frustrated about. employees not only dont care about cyber security, they dont care about the ramifications of an intrusion.
a couple weeks ago I had to handle two separate investigations in the same day where users got phished and their email was compromised. Both users ended up sending about a thousand phishing emails each. one of them sent many of the emails internally, causing two other email accounts to also become compromised.
I spoke with both users during my post intrusion investigation and BOTH OF THEM KNEW THEY HAD BEEN HACKED AND DIDNT CARE.
both users had attempted to access a document in a phishing mail, given up their password, and after contacting the sender were told "sorry dude i got hacked that was a malicious email sent from my account."
they didnt notify me or anyone else of the issue. they didnt care. when i told them their actions caused a thousand or so malicious emails to be sent out the response was "huh, wow". when i told them that the TA also got access to the companies onedrive/sharepoint files the response was "okay"
i understand the temptation to read this and say "lol based anti-wagie employee" but the problem is that if you let people like this fester in a company they become a serious liability that can lead to a massive breach such as ransomware and if youre not properly backing up and protecting your files you can literally cause the entire company go under and now no one is getting income to pay for their homes. also i dont want scammers to get money they dont deserve.
a couple weeks ago I had to handle two separate investigations in the same day where users got phished and their email was compromised. Both users ended up sending about a thousand phishing emails each. one of them sent many of the emails internally, causing two other email accounts to also become compromised.
I spoke with both users during my post intrusion investigation and BOTH OF THEM KNEW THEY HAD BEEN HACKED AND DIDNT CARE.
both users had attempted to access a document in a phishing mail, given up their password, and after contacting the sender were told "sorry dude i got hacked that was a malicious email sent from my account."
they didnt notify me or anyone else of the issue. they didnt care. when i told them their actions caused a thousand or so malicious emails to be sent out the response was "huh, wow". when i told them that the TA also got access to the companies onedrive/sharepoint files the response was "okay"
i understand the temptation to read this and say "lol based anti-wagie employee" but the problem is that if you let people like this fester in a company they become a serious liability that can lead to a massive breach such as ransomware and if youre not properly backing up and protecting your files you can literally cause the entire company go under and now no one is getting income to pay for their homes. also i dont want scammers to get money they dont deserve.
if you are a business owner, you seriously need to start punishing employees for getting owned. im not saying you should fire people for failing a phishing test, but you should be telling them "you have to do mandatory remedial training and this will go on your employee record."
*inhales*
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
https://x.com/PayPal/status/2009280294667354509
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
https://x.com/PayPal/status/2009280294667354509
😁1🌚1
placeholder
Photo
my current personal laptop is from 2014 come on man i hate consumerism so much
to be fair my 12 year old laptop only works because it does not run windows.
to be fair my 12 year old laptop only works because it does not run windows.