Why Humans Remain the Biggest Vulnerability in Cybersecurity — Expert Insights from Bobola Ayo-Fanibe

  Interview with: Bobola Ayo-Fanibe, Lead SOC Analyst, FNZ Group (UK) As cyberattacks continue to rise globally, organisations are investing heavily in sophisticated security tools — from next-generation firewalls to AI-driven threat detection systems.

Yet according to Bobola Ayo-Fanibe, a Nigerian-born cybersecurity leader and Lead SOC Analyst at FNZ Group in the United Kingdom, the biggest vulnerability in cybersecurity is not technology – it is people. “Attackers don’t hack systems first.

 They hack humans,” he said. “If the human element is weak, even the most expensive tools will fail.” Technology Is Evolving — But So Are Cybercriminals The cybersecurity landscape has advanced rapidly in the last decade.

 Most organisations now rely on automated tools that scan millions of logs per second, flag anomalies, and block threats instantly. However, cybercriminals have adapted just as quickly. “Most breaches I’ve investigated did not start with a technical failure.

 They started with a human mistake — clicking a link, trusting a fake email, ignoring a warning, or misconfiguring a tool.” Human Weak Points — What Organisations Get Wrong Many organisations become overly confident because they invest heavily in tools but underestimate human behaviour.

 Employees reuse passwords, ignore security prompts, click phishing links, grant excessive privileges, or trust emails without verifying senders. “A tool cannot train the mind. Only consistent human education can.” Why Human Training Is More Important Than Buying Tools Investment in tools must be matched by investment in people.

 Ayo-Fanibe highlights:

 1. Humans make tools work.

2. Humans make decisions tools cannot make.

 3. Humans are the primary target of attackers.

 Real Incidents Show the Pattern Phishing attempts frequently bypass technical controls because an employee willingly interacts with a malicious email, downloads malware, or submits credentials to a spoofed website. “Human psychology is the real battlefield.” What Organisations Must Start Doing

 1. Mandatory, continuous cybersecurity training.

2. Simulated phishing exercises.

 3. Non-punitive reporting culture.

4. Executive-level security awareness.

 The Future: Human-Centric Cybersecurity While automation evolves, the future is human-plus-machine, not machine alone. “We need strong tools, yes. But the strongest firewall is still a well-trained human mind.” He is currently developing a phishing-resistant email client for executives under TalithaCumi Security (TCS), focused on behavioural risk reduction.

 A Message for Organisations “Cybersecurity will continue to fail if humans remain untrained. Tools don’t click links — people do. Tools don’t trust fake emails — people do. Train your people, and your tools will finally work the way they were meant to.” 

Bobola Ayo-Fanibe is Lead SOC Analyst, FNZ Group, United Kingdom (UK)

Related Articles