Story Time: It’s 2003 and I’m working at a local television station in buttfuck nowhere Louisiana as a Production Assistant.
We had just recovered from a massive disaster that had taken out tons of our equipment because somehow, the radio tower next to the building had never been properly grounded and so since it’s the tallest structure in the area by far, when it finally got hit by lightning we got fucked.
Anyway, just back on our feet when a computer virus wrecks more than half the systems in the building.
We would eventually find out that it was the manager who ran the station, the local Big Boss, the guy who answered to corporate (I don’t recall his actual title, just that he was the top dog at the station). He clicked on one of those bullshit emails, downloaded and ran the attachment. This was 2003 mind you, when those type of attacks were even less sophisticated.
Literally, no punishment for him at all despite making everyone’s jobs harder for weeks on end. These people are fucking easily manipulated and we do nothing to punish them when they fuck up.
Finally, why wouldn’t they target executives? They have a history of acting like rules about security don’t apply to them because they’re inconvenient, and they have the biggest pocketbooks to rob and the most control at their corporations. They are literally the most lucrative target you could choose. Getting the keys to their user account could be more useful than getting an IT admins account, depending on how foolhardy the executive is.
It’s the owning class. They’re always treated differently from the wiring working class. Reminds me of history in Europe where the noble families ruled. Often these families were more inbred than any Southern stereotype ever was, and intellectual faculties to match, but they were the bosses. It’s also why every fairy tale starts with a beautiful princess to let you know it was fiction as in reality most princesses were inbred horrors.
Oh they’re targeted There’s even a term for it. It’s called whaling.
About punishment though, do companies normally “punish” people for being victims of a cyberattack? I could see them maybe make you take some cyber security training.
If they fired you, I wonder if the company would worry you might sue them for wrongful termination, claiming it wasn’t your fault.
Of course if they give you the security training and you still click the bad link, maybe they can use that as a justification for termination, where they will claim you were properly trained to avoid it.
That likely would happen, but it definitely shouldn’t. If someone clicks on a phishing link, that is the fault of the business for not training them well enough.
Story Time: It’s 2003 and I’m working at a local television station in buttfuck nowhere Louisiana as a Production Assistant.
We had just recovered from a massive disaster that had taken out tons of our equipment because somehow, the radio tower next to the building had never been properly grounded and so since it’s the tallest structure in the area by far, when it finally got hit by lightning we got fucked.
Anyway, just back on our feet when a computer virus wrecks more than half the systems in the building.
We would eventually find out that it was the manager who ran the station, the local Big Boss, the guy who answered to corporate (I don’t recall his actual title, just that he was the top dog at the station). He clicked on one of those bullshit emails, downloaded and ran the attachment. This was 2003 mind you, when those type of attacks were even less sophisticated.
Literally, no punishment for him at all despite making everyone’s jobs harder for weeks on end. These people are fucking easily manipulated and we do nothing to punish them when they fuck up.
Finally, why wouldn’t they target executives? They have a history of acting like rules about security don’t apply to them because they’re inconvenient, and they have the biggest pocketbooks to rob and the most control at their corporations. They are literally the most lucrative target you could choose. Getting the keys to their user account could be more useful than getting an IT admins account, depending on how foolhardy the executive is.
It’s the owning class. They’re always treated differently from the wiring working class. Reminds me of history in Europe where the noble families ruled. Often these families were more inbred than any Southern stereotype ever was, and intellectual faculties to match, but they were the bosses. It’s also why every fairy tale starts with a beautiful princess to let you know it was fiction as in reality most princesses were inbred horrors.
Oh they’re targeted There’s even a term for it. It’s called whaling.
About punishment though, do companies normally “punish” people for being victims of a cyberattack? I could see them maybe make you take some cyber security training.
If they fired you, I wonder if the company would worry you might sue them for wrongful termination, claiming it wasn’t your fault.
Of course if they give you the security training and you still click the bad link, maybe they can use that as a justification for termination, where they will claim you were properly trained to avoid it.
Yes, a pleb that clicked a link that brought the org to an expensive screeching halt for weeks, would have been fired
That likely would happen, but it definitely shouldn’t. If someone clicks on a phishing link, that is the fault of the business for not training them well enough.
You would almost certainly not win that wrongful termination suit.
But you might be able to drag it out long enough for a settlement.
That sounds like the same kind of guy who will make a never-ending stink because he insists on BYOD despite IT’s objections.
Exactly, creating the exact conditions for them to be scammed!