Macro-based phishing isn't the threat it was three years ago. Microsoft changed the defaults and attackers moved on. So why does the Essential 8 still include this control? Because a vendor default and a verified configuration are not the same thing, and the gap between them is where the residual risk lives.
Read More