Anybody — whether it’s government, private sector, nonprofits — anybody who thinks they are not a potential target is nuts, is so naïve as to be destructive to the system. Everybody is a potential target. There’s a whole bunch of “black hat” people out there — individuals, groups, all the way up to nation states. They are looking for money, they’re looking for data, they’re looking for leverage, and in some cases, looking to do mischief like destruction.
The best quick fix is leadership. It’s taking the rules you already have, no new software, no new hardware, just take the rules and regulations you have and enforce them.
Can I tell a quick story? The Air Force had a base commander who forced his IT people to give him a one digit password for his classified system because he was too important to be slowed down by multiple digits. In five minutes after that happened, everybody in that base knew two things: One, their boss was a complete idiot. Two, security wasn’t important.