I may of missed something, but I understood that these were direct attacks that exploited phishing attacks. Was she advised to do something, or allow other people to do something that she denied?
IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack, and this is what we are going to do to try and make this right.
With the ability of AI to generate pitch perfect voices, it's getting harder to vet things. Especially if the person has already been phished.
Obviously if Co-op were negligent in their handling of member data they're also guilty of something. But even the best organisations have some level of exposure to phishing related attacks.
I am not sure victim blaming is really an issue given this applies to the hyper-rational world of corporations.
One of the problems with victim blaming is that it typically ignores power dynamics at play and blames the powerless. I think the coop has the resources to be able to stand on its own two feet and take appropriate security measures.
Note the purported response is "put in place enhanced security measures to minimise disruption and protect" ... which were evidently lacking at the time.
> "I'm devastated that information was taken.
How about devastated that you allowed it to be taken?
How did she "allow it to happen"?
I may of missed something, but I understood that these were direct attacks that exploited phishing attacks. Was she advised to do something, or allow other people to do something that she denied?
IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack, and this is what we are going to do to try and make this right.
With the ability of AI to generate pitch perfect voices, it's getting harder to vet things. Especially if the person has already been phished.
> How did she "allow it to happen"?
Inadequate security.
> I may of missed something, but I understood that these were direct attacks that exploited phishing attacks.
So?
> IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack
It seems she decided instead to stick to the truth.
That sounds dangerously close to victim blaming.
Obviously if Co-op were negligent in their handling of member data they're also guilty of something. But even the best organisations have some level of exposure to phishing related attacks.
Phishing? Says who?
Not the target. https://www.coop.co.uk/cyber-incident-faqs
That says absolutely nothing.
And not phishing.
I am not sure victim blaming is really an issue given this applies to the hyper-rational world of corporations.
One of the problems with victim blaming is that it typically ignores power dynamics at play and blames the powerless. I think the coop has the resources to be able to stand on its own two feet and take appropriate security measures.
I'll stick with culprit blaming.
Note the purported response is "put in place enhanced security measures to minimise disruption and protect" ... which were evidently lacking at the time.