IT pros tend to focus solely on technology to solve endpoint security problems. After all, if malicious software is the poison, it's logical to look to signatures, heuristics, and cutting-edge detection for the antidote. But that's a mistake. Human vulnerabilities--ignorance, inattention, gullibility--are just as exploitable as software vulnerabilities, if not more so.
That means everybody has to be part of the security program. And the message that security is important has to come from the top and reach all levels of the organization.
Of course, it's easy to say, "Get everyone on board with security."
