In spite of all the high-profile breaches that seem to sweep the headlines with greater frequency, companies slowly but surely have been getting a handle on internal security practices. At this point, it's hard to imagine any employee, in or out of the tech sector, who hasn't been run through antiphishing training. However, security is only as strong as its weakest link, noted David Bryan, a penetration tester and senior managing consultant at IBM X-Force Red. The link that still needs reinforcing is also the most fundamental: developers.