Don’t worry about getting hacked. Worry about getting socially engineered.
Source: Washington Post
So, first and foremost: I think this article is a little bit deceptive. Yes, social engineering IS, in fact, the #1 way companies get popped. However, certain technical, security, and education controls can be put in place to help mitigate the factors of social engineering. For instance, if I give a “bad guy” my username and password, that could be rendered nearly useless if I require 2-factor authentication on some sort of keyfob or device.
Read more at Washington Post:
We commonly refer to these incidents as “hacks,” as if someone commandeered the victim’s computer and pulled things from it without her knowledge. And in some cases, that is indeed what happened. But frequently, and surprisingly, the opposite is also true: Users freely give up their information, or their friends’ information, to total strangers. They just don’t realize those strangers mean harm until it’s far too late.