Employee Training Isn't Enough

Referencing an article in CSO (a reprint of a CIO magazine article) simple employee training to detect and deter insider threats isn't enough.  It's not a one-time thing or an annual thing.  Companies need to develop a culture of security that encompasses changes across people, process and technology to help thwart internal threats.  

"Employee-related security risks top the list of concerns for security professionals, but organizations aren't doing enough to prevent negligent employee behavior, according to a new study."