{"id":1767,"date":"2025-09-24T10:49:20","date_gmt":"2025-09-24T10:49:20","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1767"},"modified":"2025-09-24T10:49:20","modified_gmt":"2025-09-24T10:49:20","slug":"what-happens-when-a-cybersecurity-company-gets-phished","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/","title":{"rendered":"What happens when a cybersecurity company gets phished?"},"content":{"rendered":"

If you work in cybersecurity, you\u2019ve probably heard the time-honored adage about cyber attacks: \u201cIt\u2019s not a matter of\u00a0if<\/em>, but\u00a0when<\/em>.\u201d Perhaps a better way to think of it is this: while training, experience, and familiarity with social engineering techniques help, anyone can fall for a well-constructed ruse. Everyone \u2013\u00a0including security researchers<\/a>\u00a0\u2013 has a vulnerability that could make them susceptible, given the right situation, timing, and circumstances.<\/p>\n

Cybersecurity companies aren\u2019t immune by any means. In March 2025, a senior Sophos employee fell victim to a phishing email and entered their credentials into a fake login page, leading to a\u00a0multi-factor authentication<\/a>\u00a0(MFA) bypass and a threat actor trying \u2013 and failing \u2013 to worm their way into our network.<\/p>\n

We\u2019ve published an external\u00a0root cause analysis<\/a>\u00a0(RCA) about this incident on our\u00a0Trust Center<\/a>, which dives into the details \u2013 but the incident raised some interesting broader topics that we wanted to share some thoughts on.<\/p>\n

First, it\u2019s important to note that\u00a0MFA bypasses<\/a>\u00a0are increasingly common. As MFA has become more widespread, threat actors have adapted, and several phishing frameworks and services now incorporate MFA bypass capabilities (another argument for the wider adoption of\u00a0passkeys<\/a>).<\/p>\n

Second, we\u2019re sharing the details of this incident not to highlight that we successfully repelled an attack \u2013 that\u2019s our day job \u2013 but because it\u2019s a good illustration of an end-to-end defense process, and has some interesting learning points.<\/p>\n

Third, three things were key to our response: controls, cooperation, and culture.<\/p>\n

Controls<\/h2>\n

Our security controls are layered, with the objective of being resilient to human failure and bypasses of earlier layers. The guiding principle behind a \u2018defense-in-depth\u2019 security policy is that when one control is bypassed, or fails, others should kick in \u2013 providing protection across as much of the cyber kill chain as possible.<\/p>\n

As we discussed in the corresponding RCA, this incident involved multiple layers \u2013 email security, MFA, a Conditional Access Policy (CAP), device management, and account restrictions. While the threat actor bypassed some of those layers, subsequent controls were then triggered.<\/p>\n

Read the Full Story Here<\/a><\/p>\n

Source: Sophos<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

If you work in cybersecurity, you\u2019ve probably heard the time-honored adage about cyber attacks: \u201cIt\u2019s not a matter of\u00a0if, but\u00a0when.\u201d Perhaps a better way to think of it is this: while training, experience, and familiarity with social engineering techniques help, anyone can fall for a well-constructed ruse. Everyone \u2013\u00a0including security researchers\u00a0\u2013 has a vulnerability that […]<\/p>\n","protected":false},"author":2,"featured_media":1430,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1767","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"\nWhat happens when a cybersecurity company gets phished? - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What happens when a cybersecurity company gets phished? - Community\" \/>\n<meta property=\"og:description\" content=\"If you work in cybersecurity, you\u2019ve probably heard the time-honored adage about cyber attacks: \u201cIt\u2019s not a matter of\u00a0if, but\u00a0when.\u201d Perhaps a better way to think of it is this: while training, experience, and familiarity with social engineering techniques help, anyone can fall for a well-constructed ruse. Everyone \u2013\u00a0including security researchers\u00a0\u2013 has a vulnerability that […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-24T10:49:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/gmailcybersecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"1920\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/\",\"name\":\"What happens when a cybersecurity company gets phished? - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/gmailcybersecurity.jpg\",\"datePublished\":\"2025-09-24T10:49:20+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/gmailcybersecurity.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/gmailcybersecurity.jpg\",\"width\":1280,\"height\":1920},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What happens when a cybersecurity company gets phished?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What happens when a cybersecurity company gets phished? - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/","og_locale":"en_US","og_type":"article","og_title":"What happens when a cybersecurity company gets phished? - Community","og_description":"If you work in cybersecurity, you\u2019ve probably heard the time-honored adage about cyber attacks: \u201cIt\u2019s not a matter of\u00a0if, but\u00a0when.\u201d Perhaps a better way to think of it is this: while training, experience, and familiarity with social engineering techniques help, anyone can fall for a well-constructed ruse. Everyone \u2013\u00a0including security researchers\u00a0\u2013 has a vulnerability that […]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-09-24T10:49:20+00:00","og_image":[{"width":1280,"height":1920,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/gmailcybersecurity.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/","name":"What happens when a cybersecurity company gets phished? - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/gmailcybersecurity.jpg","datePublished":"2025-09-24T10:49:20+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/gmailcybersecurity.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/gmailcybersecurity.jpg","width":1280,"height":1920},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/what-happens-when-a-cybersecurity-company-gets-phished\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"What happens when a cybersecurity company gets phished?"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1767"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1767\/revisions"}],"predecessor-version":[{"id":1768,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1767\/revisions\/1768"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1430"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}