How about devastated that you allowed it to be taken?
happymellon•6mo ago
How did she "allow it to happen"?
I may of missed something, but I understood that these were direct attacks that exploited phishing attacks. Was she advised to do something, or allow other people to do something that she denied?
IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack, and this is what we are going to do to try and make this right.
With the ability of AI to generate pitch perfect voices, it's getting harder to vet things. Especially if the person has already been phished.
chrisjj•6mo ago
> How did she "allow it to happen"?
Inadequate security.
> I may of missed something, but I understood that these were direct attacks that exploited phishing attacks.
So?
> IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack
It seems she decided instead to stick to the truth.
Obviously if Co-op were negligent in their handling of member data they're also guilty of something. But even the best organisations have some level of exposure to phishing related attacks.
We recently experienced a cyber incident where malicious third parties attempted to access our systems. As part of this, data was extracted from one of our systems.
happymellon•6mo ago
Which could be due to phishing and not a lack of security.
bendigedig•6mo ago
I am not sure victim blaming is really an issue given this applies to the hyper-rational world of corporations.
One of the problems with victim blaming is that it typically ignores power dynamics at play and blames the powerless. I think the coop has the resources to be able to stand on its own two feet and take appropriate security measures.
chrisjj•6mo ago
I'll stick with culprit blaming.
Note the purported response is "put in place enhanced security measures to minimise disruption and protect" ... which were evidently lacking at the time.
chrisjj•6mo ago
How about devastated that you allowed it to be taken?
happymellon•6mo ago
I may of missed something, but I understood that these were direct attacks that exploited phishing attacks. Was she advised to do something, or allow other people to do something that she denied?
IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack, and this is what we are going to do to try and make this right.
With the ability of AI to generate pitch perfect voices, it's getting harder to vet things. Especially if the person has already been phished.
chrisjj•6mo ago
Inadequate security.
> I may of missed something, but I understood that these were direct attacks that exploited phishing attacks.
So?
> IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack
It seems she decided instead to stick to the truth.
happymellon•6mo ago
Citation please.
chrisjj•6mo ago
sillystu04•6mo ago
Obviously if Co-op were negligent in their handling of member data they're also guilty of something. But even the best organisations have some level of exposure to phishing related attacks.
chrisjj•6mo ago
Not the target. https://www.coop.co.uk/cyber-incident-faqs
happymellon•6mo ago
chrisjj•6mo ago
happymellon•6mo ago
chrisjj•6mo ago
____
We recently experienced a cyber incident where malicious third parties attempted to access our systems. As part of this, data was extracted from one of our systems.
happymellon•6mo ago
bendigedig•6mo ago
One of the problems with victim blaming is that it typically ignores power dynamics at play and blames the powerless. I think the coop has the resources to be able to stand on its own two feet and take appropriate security measures.
chrisjj•6mo ago
Note the purported response is "put in place enhanced security measures to minimise disruption and protect" ... which were evidently lacking at the time.