• @[email protected]
    link
    fedilink
    English
    -51 year ago

    I guess you didn’t read the article or think about what you’re saying?

    They aren’t phishing low tier workers. They’re getting executives and people high up in companies to the data they’re after. They aren’t getting in by using an hourly employees info.

    • @[email protected]
      link
      fedilink
      English
      81 year ago

      It’s the low tier employees that usually monitor for breaches and anomalies and they just won’t give a shit.

      • @[email protected]
        link
        fedilink
        English
        51 year ago

        And “tech debt” (which I’m sure said execs would lump refactoring infrastructural security under) isn’t a new feature that generates money, so it’ll get consistently deprioritized.

        Source: am software+devops engineer

        • @[email protected]
          link
          fedilink
          English
          31 year ago

          Cyber gets paid but help desk folks, ops managers, general help staff, and the little people with too much least privilege who actually get shit done usually aren’t.

          Source: am executive with compliance history

            • @[email protected]
              link
              fedilink
              English
              11 year ago

              The article explicitly talks about social engineering. If you’ve solved social engineering for the positions I listed, you have effectively ended the need for most security solutions. Yes, we can mitigate its effects, but no, watching doesn’t prevent it which was the context of this thread.

                • @[email protected]
                  link
                  fedilink
                  English
                  21 year ago

                  You have to define adversary objectives then separate those from normal behavior. Again, you haven’t solved the problem raised in the thread. How are you, a highly paid cyber security professional, going to prevent social engineering from allowing privilege escalation and negative outcomes ranging from fraudulent invoices to knowledgeable, intentional use of applications following expected behavior?

                  Read the article.