TMCnet Feature
June 17, 2011

Data Breaches are Often the Fault of People, Not Technology, as Weak Links

By Tracey E. Schelmetic, TMCnet Contributor

Freaking out about this week's high-profile cyber attacks against prominent targets such as the CIA? If you're thinking to yourself, “If the CIA can get hacked, what chance do we have?” you're on the right track. However, resist merely throwing more technology at the problem. As with many of these cases, it's often not the technology that's the problem: it's the organization's employees.



Often the most vulnerable link in the chain of a company's cyber security is a badly trained and poorly managed staff. It may not be malicious (as in, insiders deliberately stealing information to sell or share) – it could be simple accidents from sloppy internal security practices: clicking on a compromised link, for example.

More rigorous training may not end the abuse of corporate cyber systems, writes Reuters in a timely article which addresses the rash of security breaches in the last few days and months. Many hackers are simply cleverer than you, your employees and even your IT workers. What this means, says Reuters, is that “100 percent security is probably unattainable.” However, there are steps companies can take to significantly reduce the risks, specialists say.

The same goes for the adoption of intrusive new ways of monitoring employee online behavior and compliance with good cyber practice, some security specialists told Reuters.

“(High-tech) Bells and whistles are no use if you don't have trusted, loyal and well-informed staff,” said an industry executive who spoke recently at a closed door cyber seminar.

Where most companies need to ramp up security is in the “end point” – with the users. These are your employees who have access to confidential material but don't follow the correct steps to secure that information. Relying on technology as the be-all and end-all will leave you with a false sense of security (as the CIA is discovering this week).

“Technology is only a part of the problem -- all systems are composed of people, processes and technology -- you only need to break one of the components to attack the system,” Steve Purser, a senior expert at the European Network and Information Security Agency, a European Union body, told Reuters. Purser said there were no “hard and fast rules” about monitoring staff online because data differed in sensitivity and context.

“The important point is to communicate the rules to staff and to ensure that the rules are being followed,” he said.

This internal people-based security is particularly important during an economic downturn: inevitable lay-offs create disgruntled employees determined to “get back” at their employer by walking out the door with proprietary information they may use for mischief...or profit, by selling it.

While many companies “are queasy about the notion of intruding on employees' online work,” writes Reuters, analysts note that hackers are doing exactly the same thing -- and imperiling jobs into the bargain.

“It's the people side of the equation that is letting the bad guys through right now,” Neil Fisher, Vice President of Global Security Solutions at Unisys Corp, told Reuters.

So how well do YOU know your people and how they use your sensitive internal data? It may be time to find out.


Tracey Schelmetic is a contributing editor for TMCnet. To read more of Tracey's articles, please visit her columnist page.

Edited by Rich Steeves