Reply to post: " It's Doris in HR clicking an email link"

If your org hasn't had a security incident in the last year: Good for you, you're in the minority

Mike 137

" It's Doris in HR clicking an email link"

On the other hand, it's so easy to blame Doris - the person least likely to be able to distinguish the malicious material from among the daily cascade of messages.

I'm most interested in two things:

[1] how did the malicious content arrive at the desktop, instead of being filtered out before it got there?

[2] the almost universal ease with which malicious code launched from one desktop manages to infiltrate entire corporate networks.

Maybe we should not blame Doris or even "IT" - ideally not blame anyone, but instead reconsider the robustness of our infrastructures. The ideal is intrinsic resilience against the unexpected so these (commonly simplistic) attack vectors merely bounce off harmlessly. In my professional experience, the fundamental failing is not usually a technological one, it's lack of effective management oversight. This leads to gross mismatch between assumptions and realities, as was so evident at Equifax, and the result is inevitably an unwitting soft target.


Biting the hand that feeds IT © 1998–2019