Security Hype vs Reality

---

Any hacking organization knows that the weakest point in security is people. Humans can be manipulated into taking actions to let an intruder in.

Modern access controls are effective if access is granted only when needed to meet business needs.  This is rarely the case. 

Best practices security guidelines are generally abstract and not detailed enough to truly secure a modern enterprise.

Hackers wants to find users who have administrative rights.  The number of people who have been granted admin rights is typically far greater than needed.