If a single click on a phishing email can ruin the entire company, the blame doesn’t lie with that individual.
You are viewing a single thread.
View all comments 96 points
There are very few one click total compromises out there.
Most of the time clicking on the link will get to a phishing page to harvest credentials or prompt to download a zip or pdf which has the actual malware exploit/payload.
40 points
True, in many cases there is a whole chain of vulnerabilities and misconfigurations, and everything starts with one phishing mail. For example:
- successful phishing
- VPN without 2FA, allowing the attacker access to company services
- internal services with vulnerabilities, allowing the attacker to compromise a server
- permission misconfiguration, allowing lateral movement
That was the point of this meme. It is not phishing alone that gets the company in trouble, its mostly a series of misconfigurations.
I think that in cyber security, we have to assume that phishing will be successful sometimes - and be prepared when it happens.
4 points