ABSTRACT

The top human vulnerability hackers exploit is the human propensity to trust. Far too many people invite hackers into their computers and networks by, for example, clicking on malicious attachments from unknown senders and succumbing to phishing. The chapter proposes a combination of consumer education and training on the one hand and improved technical defenses on the other. Organizations should be training their employees not to respond to phishing lures. But training is not a panacea. A good training program might result in a significant reduction in the rate at which employees will fall for phishing lures, but studies of such training programs make it very clear that the rate will not drop to zero. In addition, training essentially makes people less trusting of others. Improving technical defenses reduces the need to create a world in which people are less trusting of each other.