Where do you start if you want to pierce a corporation’s cybersecurity protections? The CEO.
“Goldman, Citi Bosses Duped by Email Prankster,” The Wall Street Journal, June 13, 2017, B11. Although nothing confidential was leaked, the CEOs bought into phishing emails.
Hard to blame the Chief Information Security Officer. One assumes there’s a policy in place, but can you write a policy to protect against this? Who else in the corporation isn’t following the existing policy? How do you fix it? Two-factor authentication for every email to/from a senior exec? Encryption?