Security awareness is grossly undervalued by most organizations. While large sums of money are spent on carefully designed infrastructure bolstered by software and services and maintained by talented security experts, a comparatively small portion of the cybersecurity budget is used to educate employees. We know that breaches can begin with successful phishing emails and stolen credentials, these attack vectors don’t get the attention they deserve.
A security team can sink an infinite amount of time and resources into strengthening your infrastructure, but it’s all for nothing if a default password is used by an exec, or someone in HR makes the mistake of responding to a clever phishing message.