Play Blame the Victim
Someone called the help desk with a phish? Laugh at them for falling for it. Some firm got breached? Post it to Facebook and enjoy the schadenfreude. That's often how the IT security community and industry responds. So how's that working for us?