Yes, people always say that humans are the weakest link, but sometimes I feel as though that's a derogation of responsibility by larger organizations. They just blame it on the people all the time.
Absolutely, more education and awareness is needed, but also the development of a proper security culture inside organizations, not just the people down below. Everybody must have this kind of security culture and make sure it's delivered in a sincere manner. It's not a case of people barking commands at you, but a genuine prevalence and leadership by people who are trying to promote a security culture.