from Hacker News

Take9 Won't Improve Cybersecurity

by MattSayar on 5/30/25, 12:13 PM with 14 comments

  • by redman25 on 5/30/25, 1:45 PM

    The majority of successful attacks are business email compromise. In that context take9 makes sense in my mind because there _is_ responsibility for users to be mindful of clicks.

    Not every phishing email can be caught before it reaches users and campaigns to raise user awareness I think are important.

  • by kemotep on 5/30/25, 2:26 PM

    Good Cybersecurity is a lot like Ogres. It needs to be made up of layers. And like slices of swiss cheese, not each layer is perfect.

    End user awareness training is still important. At one point in time everyone didn’t know how to type, let alone read and write. So education, and continuing education will always be important.

    An IT department should be able to make it so even if a user clicks a link, gives away their password, and downloads something, the impact should be as minimal as possible. Maybe the user is locked out for half a day and needs to be issued a new computer before they can get back to work. But that is still less disruptive to automate locking them down and requiring manual intervention to unlock than a ransomware event.

  • by moomin on 5/30/25, 2:50 PM

    I’ve come to the conclusion that campaigns like that aren’t intended to improve Cybersecurity, they’re there to deflect responsibility.