Lots of excitement in the news in the past weeks. Organizations such as RSA, Epsilon, and Oak Ridge National Laboratory were all compromised via spear phishing attacks. Just recently Sony's 77 million registered users of Playstation Network were compromised, potentially including their passwords. If that is the case, and if Sony's subscribers are using the same passwords for other accounts (such as their banks or at work) this could expose individuals and organizations to greater risk. It appears that attacks are getting more sophisticated and targeted. It also appears that the human is becoming more and more a critical element. By making people understand that they are target and how they will be attacked, we can greatly reduce risks such as spear phishing. By teaching people to go beyond just using complex passwords, but also being careful how they use them and where, we can mitigate the impact of events such as Sony.