Security experts have long focused on local administrators/root — and recently even more on all-powerful network administrators. But its a mistake to think that hackers seek only the obvious prizes — ordinary users often have more power than you think. Many companies consider themselves hacked when the official Twitter or Facebook account of the company has been compromised by a phishing attack on the employee managing the social account. Some companies track each employee’s personal threat value, with all employees ranked from top to bottom.”]
Source: https://www.csoonline.com/article/3067759/you-too-whos-on-the-hacker-hit-list.html