Your people continue to be your weakest link.
While security training is crucial (and including social engineering in your penetration testing), automated controls that prevent common errors (such as MFA, behavior-sensitive SIEM. DLP, and automatic segmentation) are critical protections against common errors. |