[agloeregrets]

> The next biggest risk I have encountered is phishing emails and that is 90% user education

I would bet that ~90% of all major breaches today are pure user engineering or user error related. Maybe 95%.

Every item on the list means nothing if a CSR (for example) uses the same passwords for their work accounts as they use on sketchy games from the app store or if they leave your hardware unattended. Boom, breach or even installs of spyware on company systems, good luck finding who screwed up. Many companies are guilty of giving way too many people access to way too much data because 'Business said they MUST have access'. And that is before you even consider the number of people who use work emails as if they are personal emails.