Story Time: It’s 2003 and I’m working at a local television station in buttfuck nowhere Louisiana as a Production Assistant.
We had just recovered from a massive disaster that had taken out tons of our equipment because somehow, the radio tower next to the building had never been properly grounded and so since it’s the tallest structure in the area by far, when it finally got hit by lightning we got fucked.
Anyway, just back on our feet when a computer virus wrecks more than half the systems in the building.
We would eventually find out that it was the manager who ran the station, the local Big Boss, the guy who answered to corporate (I don’t recall his actual title, just that he was the top dog at the station). He clicked on one of those bullshit emails, downloaded and ran the attachment. This was 2003, mind you, when those types of attacks were even less sophisticated.
Literally, no punishment for him at all despite making everyone’s jobs harder for weeks on end. These people are fucking easily manipulated and we do nothing to punish them when they fuck up.
Finally, why wouldn’t they target executives? They have a history of acting like rules about security don’t apply to them because they’re inconvenient, and they have the biggest pocketbooks to rob and the most control at their corporations. They are literally the most lucrative target you could choose. Getting the keys to their user account could be more useful than getting an IT admin’s account, depending on how foolhardy the executive is.
That sounds like the same kind of guy who will make a never-ending stink because he insists on BYOD despite IT’s objections.
Exactly, creating the exact conditions for them to be scammed!
Oh, they’re targeted. There’s even a term for it. It’s called whaling.
About punishment though, do companies normally “punish” people for being victims of a cyberattack? I could see them maybe make you take some cyber security training.
If they fired you, I wonder if the company would worry you might sue them for wrongful termination, claiming it wasn’t your fault.
Of course if they give you the security training and you still click the bad link, maybe they can use that as a justification for termination, where they will claim you were properly trained to avoid it.
You would almost certainly not win that wrongful termination suit.
But you might be able to drag it out long enough for a settlement.