The weakest link in any security plan is the human element. Social engineers know this and take advantage of it. IT pros know it and bemoan the things users do to put the network at risk. Management knows it - so why aren't they budgeting for and mandating more security awareness training for users of their companies' systems? A recent study showed that more than half (56%) of workers don't receive any security awareness training at all.