At the end of each year, when we look back at the year in review and the attacks that happened, despite new technologies and more security, we see yet another banner year for the attackers. Something is not working. Could it be that we, as security practitioners, are approaching security challenge incorrectly, or is it that users are the biggest problem? In this session, we will dive into the anatomy of several attacks and examine what could be done to change the outcome for 2012.