However as users are clearly becoming a primary attack vector, security programs need to acknowledge that more resources, or at least the appropriate resources, should be allocated to strengthening the targeted vector. While the appropriate investments need to be made in security technologies, there has to be an acknowledgement that countermeasures need to likewise address the point of attack.
There is no silver bullet when it comes to stopping attacks. However as users have been shown to be a primary target for some of the costliest attacks in the history of computer-based crimes, security programs need to start applying the appropriate resources to awareness as a countermeasure. Again, this does not mean that you don't also invest in additional technologies that help mitigate user awareness failings, but you still need to address the primary attack vector as well.
It is time to acknowledge that the most damaging attacks initially target humans, and that a proportionate amount of countermeasures needs to be allocated to making humans more security aware. It is not easy, and there are admittedly few people who know how to implement a successful awareness program. However, it is time to take not just the threat, but the reality seriously and start focusing efforts appropriately.
Sign up for Computerworld eNewsletters.