Bank gets lesson in the security failings of third parties
The most effective cyberattacks turn the tables on the security measures we take to ward off attacks. We’re always countering the attacks that have worked in the past, rarely thinking about the opportunities our countermeasures might open up.
And opportunities always abound. If malware is being delivered via attachments, we put out memos forbidding employees from opening attachments from strangers. Cybercriminals see this, and they come up with phishing — sending out attachments in emails that appear to come from the recipients’ close co-workers. So then we warn employees to not open an attachment unless it was expected. All right, say the attackers; we’ll just wait for an attachment heads up and then launch our attack.