Andrew Froehlich: Malware exists, but it consumes a lot of resources unnecessarily. He says IT security professionals place too much emphasis on data loss through malware than they should. It’s far too easy for regular, untrained people to simply pick up the phone, call an employee, and glean important information from him or her while pretending to be a student, vendor, or a fellow employee. The chances of information leaks and other security breaches goes up significantly because your IT security team tends to ignore employee education.”]
Source: https://www.darkreading.com/attacks-breaches/malware-more-hype-than-reality