EDIT: Much has changed from 2016 and yet, remains the same. While this was originally written in response to the Snapchat employee breach we can see continued successful attacks against organizations utilizing basic attack vectors and failings to human error.

I’m often asked as a Cybersecurity, Governance, and Risk Management expert….what keeps you up at night?

It’s people, it’s always been, people.

Properly deployed technology doesn’t need a vacation, come to work feeling awful due to being sick or a severe cold impeding performance. Your cloud deployments, brick-and-mortar approach to a firewall, IDS/IPS, and router deployments that you spend millions on mean zero and zilch if Joe Smiley in supply is not security-aware and educated enough not to open and or respond to a phishing email as an example.

People ultimately are the cause of many and most breaches. Lack of effort and lack of performance. We design and implement the process and procedures. We deploy the technology.

We have met the enemy and he is us.

Security Awareness isn’t cutting edge nor is it sexy for many security professionals and it continues to lag behind the effort placed into the latest widget. Security Awareness goes a long way in establishing a long-held theory on my part that an Information Security department of 40 could quickly become a virtual department of 40k strong ……with the right training and the right incentive.