CISO’s biggest fear is waking up to find their organization in the headlines reporting a security failure – which they do not have under control. Replace YOURCOMPANY with your organizations name in the examples below. Every registration page your company owns where someone can sign up, upload and download data (such as a CV to your careers page), can be utilized as a command and control server. Remember, it’s not the headlines that CISOs fear, but it’s being prepared enough to respond.”]
Source: https://www.darkreading.com/black-hat/what-keeps-the-ciso-awake-at-night/d/d-id/1333101