No. of Recommendations: 14
There's generally a shortfall in security awareness, risk thoughtfulness, etc, in appointed staff. I saw this in both the Bush and Obama WH...we did what we could to lessen the risk. I'm sure it is two orders of magnitude worse now. It was all we could do to get them to not send the POTUS schedule for the next day to gmail recipients...
There are a lot of attack surfaces in cyberspace. Generally, if government actors are (correctly) using .gov and .mil addresses, and web pages for their Sharepoints or JIRA or whatever they use for coordination, and government issued devices that get a reasonable amount of defensive measures put on them, it makes you not the low hanging fruit.
Gmail? Personal whatever phone? Rando home computer/tablet? Naw dog, nation states gonna get dat azz.
