The quickest, and arguably most effective way, to compromise an organization is via social engineering. Social engineering in the digital sphere is almost always synonymous with some form of Phishing attack.
Phishing attacks, in it’s simplest form, is the basic act of luring a victim to some bait to achieve some outcome.
Think of the act of fishing. You attach a worm to your hook, and you cast it into the water. You wait, and eventually a hungry fish comes along and says, “hey, lookie here, dinner..”. They bite, and like magic, you have caught your fish.