It’s an oft-repeated saying that “People are the weakest link”. The Infosec community have been saying that for so long that it doesn’t have value any more. If we look at other areas of technology where the general public interact regularly with technology, electric plugs and sockets for example, you’ll see a series of design choices that minimise the risk. If you’ve designed an app and it’s easy to misuse then you need to revisit the design choices…:
[…] Employees seem widely to be regarded as a weak link for most firms’ cybersecurity efforts. Seventy-one percent of business leaders say they worry about human error causing a cyber-issues, while 64% say they regularly remind employees about the risk cyber-crime presents. This is understandable as according to Gallagher, among businesses who have experienced a cyber-issue, 39% said breaches related to malware where an employee clicks on fraudulent link. A further 35% said staff had been caught out by a phishing emails.