At the BSides security conference, MAD Security principals Mike Bailey and Mike Murray said that social penetration techniques are by far the easiest way to break into an organization.

"Bailey said he regularly sends client employees emails informing them the strength of their login passwords is being tested through a new website," writes The Register's Dan Goodin. "They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 percent."

"The vulnerability stems from humans' inherent tendency to trust one another," Goodin writes. "Survival over the millennia largely depended on their ability to work in groups. When one person saw that a group of his peers ate a particular berry and didn't die, he ate the same fruit -- and survived as a result. Hackers who understand this trait can exploit it to access companies' most precious assets."

Click here to read the article at The Register.