Create systems that are complacency immune
by Volker Weber
It's not the individual's fault! It's up to us - the technology industry - to create systems that are complacency immune - that are designed to be complementary to the way that users and administrators really act. And it's up to IT to realize that it's their responsibility - likely to the point of liability - to broadly deploy technology that is configured to be secure in a complacency-immune fashion.
No, it won't be perfect: this is all about risk management. You can't control how people behave - so create an environment in which they do the "right thing" naturally.
Amen