By now we all know that Oscar Munoz (CEO of United Continental Holdings) is Satan incarnate and his employees are the minions of hell. At least, that is what people are thinking after viewing the video taken over the weekend, which shows passenger David Dao being beaten and forced off a flight from Chicago to Louisville. The short clip taken by a passenger with a cell phone has permeated almost every social media site in the world and United has been tried, convicted, and sentenced in the court of public opinion.\nAs you read further please remember this critical fact about information security: People, not systems, are the greatest threats and always have been.\nLose reputation (and money) at the speed of light\nThe damage to United is very tangible and likely long lasting. At one point earlier in the week the company had lost over a billion dollars in market cap. In addition to the ongoing furor in the United States, by Wednesday of this week the video of the incident had been viewed by well over 100 million people in China (Dao is of Vietnamese dissent). Many of these viewers are now calling for a complete boycott of United Airlines.\nIt\u2019s no secret that all the major domestic airlines are lacking in their treatment of passengers. In this article by John Paul Rollert published in Fortune, we see that the federal government has created a number of regulations that allow air carriers to routinely treat passengers with little regard. There are hundreds of thousands of complaints lodged each year with the FAA that yield only trivial punishment against airlines. And the treatment isn\u2019t relegated to just the lowest paying customers. Even first class fliers like Geoff Fearns have been threatened with handcuffs and rough treatment for failing to yield to even more important passengers.\nAs most veteran fliers will tell you, these incidents have been part of air travel for decades. United probably felt the same way when the Dao incident first happened, which is why their initial press releases seemed so tone-deaf to the general public.\nSecurity breaches can take many forms\nSo what makes this situation so different and why? For all of the outrage being expressed about the incident, many people are missing exactly how United got into such trouble. Every single problem originated from a one source \u2013 the passenger taking the video. Think about that for a second. Air carriers have been mistreating passengers for decades. But it wasn\u2019t until this incident that the world got a first person view of what can actually happen to people within the opaque walls of a jetliner.\nAt first it may seem like a stretch to claim that the beating of Doctor Dao could be compared to a cyber security breach. Nobody hacked United and no cyber systems were breached. Yet, the passenger taking the video exposed a secret side of United that directly contradicts millions of dollars that they spend in marketing every year (\u201cFly the Friendly Skies\u201d). Without the video there would have been no tangible proof of the misconduct of United Employees that the world could see and thus no outrage.\nFor comparison, let\u2019s take a look at a classic case with actual cyber penetration and compromise. In November of 2014, the networks of Sony Pictures were hacked. The people responsible for breach were able to gain almost unlimited access to all of Sony\u2019s information. A large amount of material from the hack was ultimately released including movie scripts and personal employee data. One of the most damaging leaks centered on email correspondence from a producer named Scott Rudin. In multiple emails he was shown to have disparaged such people as Angelina Jolie, whom he referred to as a \u201cminimally talented spoiled brat\u201d and then President Barack Obama. The comments about Mr. Obama were apparently racist in nature. Rudin\u2019s behavior was well known within the industry but because it wasn\u2019t public, his actions were considered contained and \u201ccontextualized\u201d. But when the information was exposed to the world at large Sony endured a great amount of public shaming. Reputation damage is sometimes hard to quantify but Sony estimated that they lost at least $35 million as a result of the breach.\nBegin with your people\nIn both the case of United and Sony, the true damage was caused by a lack of employee training and awareness. At Sony, it was Rudin\u2019s behavior and lack of personal awareness that contributed most significantly to their losses. With United it was the lack of training for their personnel that ultimately led to the mistreatment of Doctor Dao. The written statements by CEO Munoz also point to an utter failure at the highest levels to prepare executives to handle the situation with which they were faced.\nOne of the most important components of cyber security training is to convey to employees an awareness that they should consider everything they say, do, and write is being recorded at all times.\nThink about your own organization. Despite every investment made in hardware, software, or services to strengthen cyber security, how much trouble could a single person cause with simply a cell phone camera, if he or she was in the right place at the right time? We can all learn from the pain of United right now. Without proper training and education for the actual people in our workforces, no amount of technology will protect us. Because people are our biggest risks, the foundation of any serious cyber security defense starts with training.