The information security industry frequently utilizes the phrase “people, processes and technology” (PPT) to describe a holistic model of securing the business.

But though this phrase is repeated ad nauseum, we seem to have forgotten one of those three primary pillars: people.

In an effort to secure things technically, we prioritize the protection of our processes and technology, while ignoring a critical element to both the success and security of organizations. While it is common sense to prioritize humans – our first line of defense against cyberattacks – too often we only focus on processes and technology, leaving a significant part of our environment dangerously exposed.