In a recent blog I explained how your Mom was going to get owned next year - now it's time to dish on your CxO . . .

http://www.vnunet.com/vnunet/news/2204871/mi5-warns-chinese-hack-attacks

http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9050538&taxonomyId=17&intsrc=kc_top

I believe most of these attacks are e-mail based (either very convincing 'click on this link' type emails or emails with attachments) . . . the e-mails are probably spoofed to appear like they are from legitimate / trusted sources (or they actually *are* sent from legitimate / trusted sources who themselves have been compromised).  This makes them incredibly hard to defend against (especially if your organization still allows spoofed e-mail inbound). 

Hopefully articles like this will get companies here and abroad thinking about this 'problem' and what they can do about it.  I think awareness is a big first step . . . people need to at least be in the 'they really ARE out to get me' mindset (even if you're not a CxO) . . . other actions can be taken to attempt to reduce the threat as well (perhaps implementing a Domain Keys or ahem a SenderID type solution) . . . or perhaps other policies like enforcing a 'signed e-mail' policy that requires a private key stored on a smartcard be used to sign all e-mails - while not a panacea at least raise the bar a little bit for the bad guys with respect to spoofed incoming e-mails.

This is not a problem technology alone can solve.