Companies are often so focused on network attacks that they forget that real human beings pose a great threat as well. Called social engineering, people pretending to have credentials they don't can exploit human vulnerabilities rather than technical ones. For example, an attacker could simply phone and ask for security details. Part of the problem is that HR thinks information security is an IT issue. To fix the problem, start by bringing IT, physical and human security together under a true information security management system. Also think about how you allocate your security budget. Is it balanced in proportion to the threats you face and the spread of vulnerabilities within your organization? Develop a thorough understanding of human vulnerabilities, with an appropriate balance between systemic improvements to shield human weaknesses, and effectively targeted training and awareness building.

Read more about social engineering:
- read the article at Computer Weekly