|
|
|
|
|
|
by thewebguyd
248 days ago
|
|
|
> If somebody gets access to internal documentation, HR lists, etc, It's hard to be resistant to phishing at that point and you have bigger problems. What if Susan in HR falls victim to token theft (let's say conditional access/MDM policies don't catch it or aren't configured, which many businesses don't bother with). Her email account is now pwned, and the company gets an email from her, it passes all verification checks because it's actually from her account. It's still phishing, but the users have no way to know that. They don't know Susan just got compromised and the email they got from her isn't real. If this is a human attacker and not just bots, they can really target the attack based on the info in her inbox/past emails and anything else she has access to. So there's no way for the organization to be resistant at that point until IT/security can see thea account compromise and stop it. Ideally, it's real-time and there's an SOC ready to respond. In practice, most companies don't invest that much into security, or they are too small and don't have the budget for a huge security operation like that. It's a really hard problem to solve |
|
|
Somebody in every big company is compromised already.