"The attacks typically began with carefully targeted emails with Excel spreadsheet attachments sent to top executives." After some decades demonstrating the greater vulnerability of Microsoft's Windows, Office and server products, why would anyone, especially in a sensitive location, still be using these products? About ten years ago I worked in a large US government department that was hit by a virus that quickly crippled thousands of desktops, laptops and servers- all running Windows. Systems running UNIX (including Macs) or Linux were unaffected, but since most of our firewalls were also running Windows, they were knocked out too. My earlier public warning about the danger of such widespread reliance on Windows had been ignored, and never subject to a proper risk analysis.

It is amazing that after decades of constant failures to protect organizations from malicious emails, people deploy all sorts of complex systems before solving the flaw in the email protocol, the ability to receive an email from an adversary without warning. Firewalls technologies is great in protecting systems facing the internet by restricting internet traffic. However, it must let mail pass through to continue to its destination and let cyber security protection systems determine its validity. Email is the only method that enables someone in Iran, China and Russia reach end user in Israel, EU and USA. Using social media it is easier for an adversary to send well-crafted targeted email to executives with zero day virus. CBS and McAfee have a phishing quiz that proof that even cyber security professional can fail in identifying Phishing. People can't be 100% right 100% of the time. Here is the link to the quiz: http://cbsphishingquiz.mcafee.com/question/1 Proofbyte is the only company to have the technology to marked senders as trusted or untrusted using cryptography and proprietary algorithms. It built on top of the email protocol to fill the security gap of allowing anyone to send an email to anyone without warning.