What the Phish!! | Microsoft's new Recall
CyberInsights #141 - Why you should do away with phishing simulation | Why you should get rid of all Windows PCs if MS Recall rolls out
Phishing Simulations are not effective
There has been a 58% rise in phishing-related incidents despite the regular phishing exercises we are all subject to.
Bless this gentleman, Matt Linton from Google, who questions the whole premise of the phishing exercise. [LINK]
Phishing exercises are not effective. In fact, studies have shown that they are counterproductive!!
They just satisfy the action bias of cybersecurity professionals who cannot figure out any other way to prevent a phishing attack.
I confess, I've fallen into this trap myself. Like many others, we've conducted numerous phishing simulation campaigns, each more elaborate than the last, aiming to make it increasingly difficult to discern a phishing attempt until the moment we cry, "Gotcha!" But is it really effective?
Read the blog that compares phishing simulation to a fire drill here.
Take Action:
Phishing mails that entice your users to click are just as ineffective as boring awareness mails that get ignored. What you need is an effective middle ground.
Something more than an awareness mail. Something not quite a phishing mail.
What mail sent to all people in your organisation would increase the overall awareness? Think about it and let me know…
How about I take a screenshot every few minutes? I solemnly swear to keep it only on your local machine…
After peer-to-peer updates in Windows 10, MS has a new controversy - Microsoft Recall
Would you like to find anything that you’ve ever seen on your PC? Do you want to search using any clues you remember or scroll through your usage timeline? I mean, just about anything on your screen? Just like magic!!
Microsoft unveiled (drumroll…) “Recall”, an AI-powered search that can help you do just that. [LINK]
Except that it comes at a cost.
The ‘cost’ is that Microsoft now takes a screenshot of your system every few seconds and stores it locally on your machine. Encrypted, of course. Only accessible to you.
If I had a privacy nightmare that caused me to wake up screaming and sweating in the middle of the night, this would be the premise of the nightmare.
Microsoft promises privacy. It will not take a screenshot when you are using MS Edge to browse in private mode. It will remove financial information and passwords from screenshots. That’s newspeak for “Windows will never be the same again”.
You will never do anything on your laptop that you would not do with a theatre full of people watching your screen. And that’s a privacy red flag.
Governments are taking note of it. Read this article on the BBC where the UK watchdog is reviewing this. [LINK]
Take Action:
Wait for the launch and rush to disable it if it launches. Switch to Macs or Linux if you cannot disable it. Seriously.
Let me know if you think it is not as serious as I am making it out to be…
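One way to act on this once Recall ships, as an added example that is not from the newsletter: a PowerShell audit that reports whether the "Turn off saving snapshots for Windows" policy is enforced on a machine, plus a helper that sets it. It assumes the policy registry location and value name (WindowsAI\DisableAIDataAnalysis = 1) that Microsoft documented for the Recall preview; confirm against current Microsoft documentation before rolling it out.

```powershell
# Added example, not the newsletter's own: audit and enforce the Recall
# snapshot policy through its registry backing.
# Assumption: the policy is stored under ...\Policies\Microsoft\Windows\WindowsAI
# as DWORD DisableAIDataAnalysis = 1 (the value documented for the Recall preview).

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI',   # machine scope
    'HKCU:\Software\Policies\Microsoft\Windows\WindowsAI'    # current user scope
)
$ValueName = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    # Returns one object per hive showing whether snapshots are disabled by policy.
    foreach ($path in $PolicyPaths) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name $ValueName `
                      -ErrorAction SilentlyContinue).$ValueName
        }
        [pscustomobject]@{
            Hive     = $path
            Value    = $value
            Disabled = ($value -eq 1)
        }
    }
}

function Disable-RecallSnapshots {
    # Writes the policy in both scopes; the HKLM write needs an elevated shell.
    foreach ($path in $PolicyPaths) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $ValueName -PropertyType DWord `
            -Value 1 -Force | Out-Null
    }
}

# Usage: report the current state, enforce the policy, then re-check.
Get-RecallPolicyState | Format-Table -AutoSize
Disable-RecallSnapshots
Get-RecallPolicyState | Format-Table -AutoSize
```

Run the audit half on its own first if you only want to see which machines in a fleet already have the policy applied.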
There is a niche market for this, and it is corporate micromanagers and government systems.
Is *this* what will make folks go to Linux?