Email remains the most common initial attack vector for cybercriminals. Infiltrating an organisation via an email-based attack can happen at any level — phishing is not only targeted at the C-suite. Once attackers have got an individual’s credentials then they can gain access. Once inside the network with one set of credentials, attackers can more easily move laterally and gain more permissions and fuller access. Even access to an employee’s mobile can be escalated into wider network access.