Employees and non-employee contractors continue representing the most critical weak link in the IT chain. Too many employees, and vendors using corporate networks, are still falling for phishing attacks. Enhanced worker training on cyber risks helps, but training coupled with stronger systems offers the best protection against cyber threats.