Seriously? WTF?
“Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques,” according to a copy of the lawsuit reviewed by Reuters. “The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox’s network, and Cognizant handed the credentials right over.”
#CyberSecurity #Ransomware #Hacking #SocialEngineering
It’s that easy huh?
It’s not even “pretend to be the county password Inspector”. It’s literally just “hi, can I have access?”
The approach to limit complexity and scope in jobs to lower the educational or skill requirements (and transparently by companies resulting compensation) guarantees siloed work. Not only to people have a limited understanding of the work they’re doing and how it connects but they have NO idea what other people are doing, or why–and that’s even within the same department or function.
@[email protected] Even if a door is unbreakable, the walls might not be.
Surprisingly, even the best security measures can be easily overcome by simple social engineering. This case should remind us of the importance of including everyone in a security strategy. It is crucial to consistently teach and explain to all employees why security is important and how to implement best practices at every level of a company. Unfortunately, many companies, like Clorox, fail to educate all employees, leaving themselves wide open to social engineering attacks.You know when you accepted the risk, boss?
This is the risk.
deleted by creator
