Well the biggest questions over here are:
1) Though AVs, firewalls and IDSs keep the network perimeter secure, how can we train the HOS to identify any mischief?
2) People who are naive to the internet will never know that they are becoming a victim of a phishing attack. Even after warning the population to check the URL, the SSL favicon, the padlock symbol to ensure the authenticity of a website, how many bother to check that?
3) Techniques like email spoofing add to the nuisance. Who bothers to check the headers of an email to verify the origin of the message?
4) Can there never be a security solution to Social Engg?
I, as a script-kiddie, had launched quite a few phishing attacks. But being a White Hat I only grabbed email a/cs, no bank accs. Though I never misused them, merely accessing those accounts gave enormous information about that person, including bank & credit card details.
Will we ever have a solution??