Roger Grimes: Waterhole attacks are a tailored to the victim, down to the computer platform. They’re like targeted spear phishing, only without the email, he says. Grimes: Start by monitoring the top 100 websites favored by employees responsible for your critical infrastructure. You can bet that all the world’s full-time cyber criminals are paying attention to these attacks. How do you defend against a threat that isn’t inside your network, whose assets you can’t control? Start by making your users — especially those with access to critical infrastructure — aware of waterhole attacks.”]