He also noted that the trend toward employees working at remote branch or at home, and being allowed to surf the web off the corporate network "makes them extremely vulnerable."

Brian Berger, vice president at Wave Systems, agrees. "Users are going to be users no matter how strong the security awareness education is, so it is critical that organizations have a counter measure in place to help mitigate threats like these," he said. "Specifically, hardware authentication through the Trusted Platform Module (TPM) makes it so the criminals couldn't penetrate even if the employee had a misstep."

Kevin Flynn, a senior product manager at Fortinet, compares training to driver education for teens. "Drivers Ed may help reduce accidents but it doesn't necessarily make teenagers safe drivers," he said. "Security belongs in the network."

However, Scott Greaux, vice president product management and services at PhishMe, said, "Education is an organization's best defense against these threats but those efforts need to break away from the traditional security awareness model and employ creative and immersive education techniques such as mock phishing exercises that both improve awareness and increase retention."

Greaux doesn't rule out better technology as a factor. But he said the human element can heighten security in protocols. "Financial institutions should implement a mix of random and threshold based reviews for all wire transfers," he said. "This will add an extra layer of human interaction with transactions making it more challenging to fraudulent transfers to go unnoticed."