Systems can be difficult for hackers to crack. Humans, on the other hand, are far easier to exploit. A distracted, curious, impatient or just plain careless user can inadvertently throw out a welcome mat for attackers. Enterprises often rely on technology to pick up the slack; even the world's most sophisticated security infrastructure and software is incapable of wholly compensating for a lack of IT security awareness among an end-user population.

In 2018 and 2019, Osterman Research published research that makes clear that even though hackers are targeting employees more than ever -- with a notable rise in phishing attacks in particular -- enterprise efforts at cyberdefense training are lagging behind.

Learn more about the human side of security risks and areas of opportunity for IT security-awareness training.