The phrase "it's just human nature!" is more than a cliché. Cybercriminals already appreciate this notion, as evident in the rise of successful phishing and other social engineering attacks. An understanding of the human condition is just as important from the IT defender's point of view when building a secure infrastructure. To offer a simple example: almost everybody at some point will use or be invited into a group on a file sharing service like Dropbox. Yet, how many files have you been given permission to access that you no longer actually need? A look down the access list of many Dropbox groups will find a lot of names that really shouldn't be there. Not to pick on Dropbox, but it doesn't have a mandated expiry date for group access, and although removing permission takes just a few clicks, it is often overlooked for the sake of convenience.