The SANS Institute has some controversial advice for computer security professionals looking to lock down their networks: Spear-phish your employees. The U.S. Military Academy at West Point sent a bogus e-mail that looked like it came from a fictional colonel named Robert Melvillle. “Human vulnerabilities” will make their first appearance on a list that is typically made up of software products like Internet Explorer, databases and file-sharing applications. The human factor is being exploited in a growing number of targeted attacks as more and more online criminals come online.”]
Source: https://www.csoonline.com/article/2120959/sans-institute–human-error-top-security-concern.html