Good Cybersecurity is a lot like Ogres. It needs to be made up of layers. And like slices of swiss cheese, not each layer is perfect.
End user awareness training is still important. At one point in time everyone didn’t know how to type, let alone read and write. So education, and continuing education will always be important.
An IT department should be able to make it so even if a user clicks a link, gives away their password, and downloads something, the impact should be as minimal as possible. Maybe the user is locked out for half a day and needs to be issued a new computer before they can get back to work. But that is still less disruptive to automate locking them down and requiring manual intervention to unlock than a ransomware event.
Good IT security is different than what you describe. You are describing give up the house and hope you can get it back again with probabilistic scanners security. It makes your security team look important because they are incapable of their job.
The OWASP auth cheat sheet discusses many of the options for making that phishing of a password useless instead of reacting to its use.. Separate IDPs with weak mfa, fido, etc. And of course if one isn't doing small-time bland business one should consider more complete computing silos for many things, signed email or separate double ratchet oriented messengers, etc.
Ah well pardon my ignorance then, thanks for filling me in -- I was afraid of something like that.
Shrek is long forgotten for me though I remember the web-based soundtrack player worked for quite a while longer than I expected after the movie website lost any real purpose. Many times it seemed scenes were written to tie in the popular music of the day, or maybe they just had a big licensing budget.
End user awareness training is still important. At one point in time everyone didn’t know how to type, let alone read and write. So education, and continuing education will always be important.
An IT department should be able to make it so even if a user clicks a link, gives away their password, and downloads something, the impact should be as minimal as possible. Maybe the user is locked out for half a day and needs to be issued a new computer before they can get back to work. But that is still less disruptive to automate locking them down and requiring manual intervention to unlock than a ransomware event.