The fact that so many high profile accounts have been breached suggests that this probably wasn’t due to the individuals – such as Elon Musk, Joe Biden or Kanye West – having poor passwords, but is likely to have come about from a Twitter employee with privileged access. Unfortunately, it looks as though the breach has been extremely successful, and members of the public have been duped into sending large sums of money to a cybercriminal instead of their favourite celebrity. It is also unclear what kind of access the hackers have on these accounts, so the effects may be felt well beyond this one scam. Breaches like this show that cybercrime can happen to anyone, even if you work at a large tech company, such as Twitter, where you would think employees are more clued in about cybercrime than in other industries. But, we shouldn’t be blaming users – the hack is likely to have been very sophisticated and incredibly difficult to spot, involving sophisticated social engineering. Even if they have sat through security awareness training, when busy working, it’s hard to spot when a hack is taking place. Instead, we should be getting to know users – who are posing the greatest risk and why? Are users complying with policies? Which users exhibit risky behaviours? Or who poses a potential risk? By getting to know their users, CISOs can create accurate risk profiles and make targeted, personal interventions, such as limiting access or deploying multi-factor authentication to potentially high-risk individuals to ensure that incidents like this don’t occur again.  Read Less