In virtually all of the breaches of 2011, there was a human error or failure that could have been avoided. Many of the human errors involved in these breaches were basic mistakes made in the domains (ISC)2 describes in its CISSP program. Security professionals today must understand the concepts of encrypting and authenticating data to protect against such attacks. The lesson we learn from this year’s breaches is that most of them are most common and avoidable to security professionals who understand how to build the right policies.”]
Source: https://www.databreachtoday.com/blogs/2011s-big-breaches-what-weve-learned-p-1136