Cybersecurity headlines often focus on the clever social engineering and zero-day vulnerabilities used by attackers.  But cybercriminals don’t always have to try that hard. According to this year’s State of the Phish survey, 71% of working adults admitted to taking a risky action, such as reusing or sharing a password, clicking on links from unknown senders, or giving credentials to an untrustworthy source. And 96% of them did so knowing that they were taking a risk. People are a key part of any good defence, but they can also be the most vulnerable.  They may make mistakes, fall for scams or simply ignore security best practices.