How malicious hackers attack (InfoWorld, by Roger A. Grimes)

How malicious hackers attack — an overview by Roger A. Grimes, for InfoWorld

‘When it comes to network defense, the adage “know thy enemy” is never more appropriate.’ — But this is probably the best technique:
‘Every professional penetration tester can easily, and laughingly, recount numerous stories about how easy it is to get unauthorized access from a normal corporate employee. I often walk up to the CEO’s executive secretary and say something like, “Hello, my name is Roger Grimes. I’ve been hired by IT to do password penetration test auditing. I need the CEO’s password.”

How often does this work? So far, 100 percent of the time.’