When you think of your most at-risk people, your mind probably jumps to the usual suspects: your CEO, CFO, or the head of IT. But here’s the thing: attackers don’t care about your org chart. They care about access. And they’re getting more creative in finding the right people to target. Enter the concept of VAPs: Very Attacked People or Very Attacked Persons. It’s not about titles; it’s about who’s actually being attacked. Sure, your executives are likely targets. But what about that marketing director signing vendor contracts? Or the HR manager handling sensitive employee data? Or the facilities coordinator with building access control privileges? These people might not have “CISO” in their title, but they hold the keys to your kingdom, and attackers know it.