the greatest threat for
IT security is an uninformed user
Very often unaware users visit insecure websites, keep their login data easily accessible, fall into social engineering traps and etc. All this helps hackers gain access to data that your organisation values the most.
The best proven way to secure your data and IT structures from such scenario is having an effective security policy that includes an effective Security Awareness Training (SAT) programme. If this is practically enforced, this ensures that every member of organisation practices and preaches IT security.