The Human Element

All the security problems we've seen can be split into two groups: technical problems or human errors. Fixing technical problems can be hard and slow, but fixing human errors might be impossible.

The Two Problems

In the end, all information security breaches or data leaks are attributable to technical errors or human errors. Technical errors, such as vulnerabilities in online services caused by programming mistakes, may be difficult, slow, and expensive to fix, but at least they are fixable: find the bug, fix it, find all the vulnerable systems, and update them. Human errors, on the other hand, are practically impossible to fix.

People tend to:

  • Use the same password across all services
  • Open a remote connection to their computer when a scammer requests this over the phone
  • Run shady utilities downloaded from the Web or install unnecessary browser extensions
  • Use their computers with administrator credentials, even when this is not required
  • Open each and every attachment sent by email, no matter how shady the sender appears to be
  • Open Office documents found online and click “Enable content” when the document tells them to
  • Fall into traps and enter their credentials on phishing sites

No patch or hotfix is available for the human brain. The only way to update people's skills is through training. However, after decades of experience, I can say with confidence that training nearly always fails. Regardless of how many times you tell users not ...
