It\u2019s a familiar enough trope. Your mate turns up with a black eye. He will tell you that a group of heavies attacked him rather than admit a 9 stone teenager laid him out . The theme is that you must exaggerate the your adversary’s capabilities of if they’ve clearly defeated you. The alternative is to confess to your own weakness. Today, people tell the press that their systems were the victim of a sophisticated cyber-attack. Sophisticated cyber-attacks certainly do happen, so this may be true. <\/p>\n\n\n\n
Some of the time however breaches occur because a miscreant asked poorly trained user for their credentials via email. The user happily surrendered their access thinking they were logging into an approved service. Or they clicked on a link or opened an attachment. Enter a cybercriminal whose skillset is limited to operating tools written by others. They found that the user’s permissions were sufficient to allow them to gain complete administrative access over the company\u2019s systems. All this without tripping up whatever monitoring may have been in place. That too will, likely as not, be reported as a sophisticated cyber-attack. By contrast how often do you hear the more honest \u201cwe did the bare minimum on cyber security so we could focus on growth, our core business or bonuses?\u201d<\/p>\n\n\n\n