• whodatdair
    link
    fedilink
    English
    arrow-up
    145
    ·
    19 days ago

    That’s ok, with how much more they’re paid than everyone else I’m sure they’re all far too clever to be fooled - corporations are the epitome of a meritocracy don’t you know?

    • shalafi@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      19 days ago

      You don’t always want the most meritorious at the top. Ever heard of the Peter Principle? Being competent with the task at hand doesn’t always translate into leadership ability.

      Can’t find it, but there’s a great quote, maybe by Ford, about hiring. Good engineers are a dime a dozen, the man who can effectively lead those engineers is a rare one.

  • Snot Flickerman
    link
    fedilink
    English
    arrow-up
    91
    ·
    edit-2
    19 days ago

    Story Time: It’s 2003 and I’m working at a local television station in buttfuck nowhere Louisiana as a Production Assistant.

    We had just recovered from a massive disaster that had taken out tons of our equipment because somehow, the radio tower next to the building had never been properly grounded and so since it’s the tallest structure in the area by far, when it finally got hit by lightning we got fucked.

    Anyway, just back on our feet when a computer virus wrecks more than half the systems in the building.

    We would eventually find out that it was the manager who ran the station, the local Big Boss, the guy who answered to corporate (I don’t recall his actual title, just that he was the top dog at the station). He clicked on one of those bullshit emails, downloaded and ran the attachment. This was 2003 mind you, when those type of attacks were even less sophisticated.

    Literally, no punishment for him at all despite making everyone’s jobs harder for weeks on end. These people are fucking easily manipulated and we do nothing to punish them when they fuck up.


    Finally, why wouldn’t they target executives? They have a history of acting like rules about security don’t apply to them because they’re inconvenient, and they have the biggest pocketbooks to rob and the most control at their corporations. They are literally the most lucrative target you could choose. Getting the keys to their user account could be more useful than getting an IT admins account, depending on how foolhardy the executive is.

    • SlopppyEngineer@lemmy.world
      link
      fedilink
      English
      arrow-up
      31
      ·
      edit-2
      19 days ago

      It’s the owning class. They’re always treated differently from the wiring working class. Reminds me of history in Europe where the noble families ruled. Often these families were more inbred than any Southern stereotype ever was, and intellectual faculties to match, but they were the bosses. It’s also why every fairy tale starts with a beautiful princess to let you know it was fiction as in reality most princesses were inbred horrors.

    • cygnus@lemmy.ca
      link
      fedilink
      English
      arrow-up
      30
      ·
      19 days ago

      That sounds like the same kind of guy who will make a never-ending stink because he insists on BYOD despite IT’s objections.

    • jaybone@lemmy.world
      link
      fedilink
      English
      arrow-up
      26
      ·
      19 days ago

      Oh they’re targeted There’s even a term for it. It’s called whaling.

      About punishment though, do companies normally “punish” people for being victims of a cyberattack? I could see them maybe make you take some cyber security training.

      If they fired you, I wonder if the company would worry you might sue them for wrongful termination, claiming it wasn’t your fault.

      Of course if they give you the security training and you still click the bad link, maybe they can use that as a justification for termination, where they will claim you were properly trained to avoid it.

      • Infynis@midwest.social
        link
        fedilink
        English
        arrow-up
        20
        ·
        19 days ago

        Yes, a pleb that clicked a link that brought the org to an expensive screeching halt for weeks, would have been fired

        • hydration9806@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          ·
          18 days ago

          That likely would happen, but it definitely shouldn’t. If someone clicks on a phishing link, that is the fault of the business for not training them well enough.

      • catloaf@lemm.ee
        link
        fedilink
        English
        arrow-up
        13
        ·
        19 days ago

        You would almost certainly not win that wrongful termination suit.

        But you might be able to drag it out long enough for a settlement.

  • shalafi@lemmy.world
    link
    fedilink
    English
    arrow-up
    54
    ·
    19 days ago

    CEO at my last company refused any security access he didn’t strictly require. He’d just laugh, “Yeah, no, don’t even want that.”

    In my IT experience, it’s the department heads, or people an outsider thinks is important, that get spear phished. Job before last, the HR woman got overrun with attacks. LOL, she was the most useless, clueless person in the company but she sounded important on paper. Director of Human Resources. She had two people under her in a 35 employee outfit.