In his worldwide bestseller Secrets and Lies, Bruce Schneier made the case that achieving successful computer security is about more than just hardware and software, it's people. Truly, the greatest vulnerability in protecting the business assets of any company often lies with the company's own employees. Although corporations go to great lengths to install state of the art systems, they continue to ignore the human element of information security. If a hacker calls up some VP's assistant and makes false claims in order to get said VP's network password and is given it, it doesn't matter if you have the ultimate firewall and the most powerful server on the market. Without proper training and security procedures, employees are highly susceptible to what are called "social engineering" attacks that lead them to unwittingly open doors within the organization, both in the literal sense and the information technology sense. You can say what you want about Kevin Mitnick, but know this. There is no one on the planet who has more experience with "social engineering" techniques, and no one who is better able to advise on how these kind of attacks are carried out and can be prevented.
