Study: Security measures often overlook human factor
A large part of the problem is that organizations remain focused on external threats such as viruses, while internal threats are consistently underemphasized, the survey found. Executives are quicker to spend money on technology such as firewalls and virus protection than they are to properly prepare their employees.
"Companies face far greater damage from insiders' misconduct, omissions, oversights, or an organizational culture that violates existing standards," Edwin Bennett, global director of Ernst & Young's technology and security risk services, said in a statement Thursday. "Because many insider incidents are based on concealment, organizations often are unaware they're being victimized. Too many organizations feel that information security has no value when there is no visible attack."
No kidding. Social Engineering has been the preferred method of hacking since time hacking began. It is telling, that years after even Hollywood has made a movie about social engineering and computer security top executives still do not get it.