It used to be that people were the greatest cybersecurity vulnerability, but this is no longer true.
The rise of the internet made people more connected than ever. Attackers capitalized on that fact and targeted employees directly to gain access to an organization. Leveraging highly automated methods (such as phishing that redirects users to compromised websites), attackers must only fool one employee to start a catastrophic attack against the entire organization. These methods are extremely effective and low cost, as they require modest technical capabilities. Thus, the employees-are-our-weakest-link mantra became an unquestioned industry dictum, embraced by both defenders and attackers.
