It's every security professional's nightmare. All your best security measures: rendered useless by one great social engineering attack, one lost smartphone, or one weak password.
If only your users understood that security is everyone's job. If only they took your friendly reminders, heartfelt pleas, angry threats, and authoritative demands seriously. If only they weren't so stupid.
Maybe the problem isn't just your users -- it's your lousy security awareness program.
Awareness may be even more difficult than the most complex security architecture rip-and-replace. It's hard.
During the "Securing the Human" panel discussion at the Cyber Security Summit in New York earlier this month, experts shared some tips on how to make security awareness easier and more effective.