Phishing emails are one of the most successful attack methods in use today. Even mobile ransomware is getting in on the action with attacks being up 250% since January 2017 alone. Symantec's 2017 Internet Security Threat Report (ISTR) stated 1 in 131 emails contained malware in 2016 - the highest rate in 5 years. Why do you think this is? What makes phishing so attractive of an attack vector for hackers/cyber criminals? Assuming you are a new CISO to an organization without adequate email protections and user training, what policy and/or technology recommendation would you make to counter this threat?