[aidos]

To be honest, I have no experience - so I can't say, if the description in the article is at all accurate though, they're in a pretty bad way:

"The cybercriminals sent their victims infected emails — a news clip or message that appeared to come from a colleague — as bait. When the bank employees clicked on the email, they inadvertently downloaded malicious code. That allowed the hackers to crawl across a bank’s network"

There must be plenty of people on HN with experience in this field, so it'll be interesting to hear their take on it.

My (very ranting/rambling) point was that I've seen other large organisations pretending to do security (and probably believing it themselves), where it's really just security theatre.