A modern attack rarely starts with an exploit. It starts with a person. Uber and Twilio were both breached after attackers impersonated IT and phished employees. Coinbase faces up to $400M in cleanup costs after criminals bribed overseas support agents for customer data and used it to scam users.
Why the old defenses miss it
Email filters catch mass phishing, so attackers moved to WhatsApp, Telegram, LinkedIn, SMS, and voice, then chained them together. Mandiant’s M-Trends found Scattered Spider going from a helpdesk vishing call to full domain-admin access in roughly 40 minutes. Vishing now sells as a service at $500 to $1,000 per successful call. AI makes the caller convincing: in 2023, attackers used an AI voice clone of Retool’s IT staff to call an engineer, clear MFA, and reach 27 of its crypto customers. Awareness training does little against this, and controlled studies find almost no relationship between recent training and click rates.
We watch the seams between channels
Each surface alone looks benign. The attack becomes legible only when signal is shared across channels, which is what the Communication Firewall is built to see.
When the message gets through
Not every attack can be stopped at the door, so we plan for the ones that land. When a signer approves the wrong transaction, or an employee wires to a spoofed vendor, speed decides the loss. We move to lock the account, stop the transfer, and trace what the attacker touched, then close the path they used to get in. The faster we start, the more of the transfer we can still recover.
