Quite often, business managers are under somewhat of a wrong impression that technology (firewalls and security software, for instance) they have deployed adequately protects business information that resides on the company's computers and servers. This impression is partially true. Technology and software alone are insufficient to protect information.
The weakest link, from an information security standpoint, is not technology, but people (users in a business context). Yet, businesses do not hesitate to throw technology to secure information in hopes that it is sufficient to stop someone from accessing and/or stealing information. Past and current research indicates that a majority of information security breaches result from actions of people, most of the time insiders, and not from a lack of technology! Actions that employees take, and the ways in which they interact with computers, can have a detrimental impact on the security of information.
Unfortunately, no available technology can influence human behavior or change it and, until that technology is available (an unlikely event!), security will continue to be a business issue, not merely a technical one!
"The weakest link, from an information security standpoint, is people (users in a business context)"
". . . a majority of information security breaches result from actions of people, most of the time insiders, and not from a lack of technology!"
". . . no available technology can influence human behavior or change it"
