Reply to post: Re: "I do not blame the person who clicks in an email"

Gone in a day: Ethical hackers say it would take mere hours to empty your network

Michael Wojcik Silver badge

Re: "I do not blame the person who clicks in an email"

Real email from our corporate security group looks exactly like a phishing mail, including the link to a site not in our domain and instructions to enter corporate credentials.

And that's for our anti-phishing training.

Blaming users is stupid and pointless. It's stupid because human beings cannot be constantly vigilant, and organizations continue to use email with embedded URLs for legitimate purposes. It's pointless because decades of IT security experience, and millennia of security experience in general, universally tell us that blaming the users does not help. It does nothing to improve the situation. It's merely an occasion to make yourself look smug, and it's not even very good for that.
