August 11th, 2021 by William Wentowski
It's a Friday afternoon and you receive an email asking you to participate in a bid, with a link to the bid documents. Maybe you will look at it before the weekend and mull over whether you want to respond to it. Upon clicking the link, it asks for login information and…there is no bid document. You were phished. What happens next is critical to the company's cybersecurity.
Many people would be embarrassed that they were fooled. Embarrassment is what charlatans and conmen have relied on for centuries to protect them while they run their cons. Who wants to admit that they were tricked? The problem is, not saying anything gives the attackers more time to work their way into critical systems.
Friday afternoons are the ideal time for attacks, and notable hacks have occurred on Fridays because they give the attackers more time. The embarrassed employee does not alert anyone that they clicked a suspicious email and provided login information. A few hours later they go home, and the hackers are hard at work taking over as many systems as they can before automated alerting or particularly vigilant staff notice anything. Between the phish and the start of the disaster, IT has anywhere from 10 minutes to 12 hours (depending entirely on the speed of the hacker) to respond and try to avert the hack.
It is critical that employees say something when anything seems amiss. The organization must foster a sense that it is OK to make mistakes (everyone will be phished at some point) and arm staff with the means to alert management/IT that something has gone wrong. Embarrassment and time are the hackers’ tools, and they must be denied.