Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 330, Issue 4IT Vendor NewsSophos

What Happens When A Cybersecurity Company Gets Phished?

Sophos, Monday, September 22nd, 2025

A Sophos employee was phished, but we countered the threat with an end-to-end defense process

If you work in cybersecurity, you've probably heard the time-honored adage about cyber attacks: 'It's not a matter of if, but when.' Perhaps a better way to think of it is this: while training, experience, and familiarity with social engineering techniques help, anyone can fall for a well-constructed ruse. Everyone - including security researchers - has a vulnerability that could make them susceptible, given the right situation, timing, and circumstances.

Cybersecurity companies aren't immune by any means. In March 2025, a senior Sophos employee fell victim to a phishing email and entered their credentials into a fake login page, leading to a multi-factor authentication (MFA) bypass and a threat actor trying - and failing - to worm their way into our network.

more →  ·  More from Sophos →