Employees continue to be the weak link in building and operating effective cybersecurity programs. Organizations need to take unique approaches to employee security awareness training such as gamification to break the cycle of monotonous and ineffective training. Don't judge success by the number of phishing exercises your organization performs.