The short answer to this problem is no. Humans are simple creatures of predictable habit.
The long answer is that many individuals and organisations simply do not know, or care about, the risks associated with using passwords and basic email systems as opposed to multi-factor authentication and encrypted messaging systems.
Anything electronic, and I mean ANYTHING, can be intercepted.
Most people like to think that their lives and day-to-day e-mail communications and applications that they use are either simply too boring to be interesting to those with nefarious intent, or they have their head stuck in the sand thinking that security by obscurity is being hidden in the billions of people who are also using passwords and email systems. Indeed many individuals may not even be aware that the sand is there to even put their head into, blissfully unaware that their “private” communications may be open for perusal by anyone with a modicum of intent.
Unfortunately for organisations, most employees couldn’t even particularly care about information security, unless it impedes them in getting their job done, and then it becomes a problem. What incentive do they really have to care about it, and how will it impact them personally if the corporate apps are breached? Most individuals would care far more about their personal smart phone, social media or banking security than their workplace electronic security.
Two bodies of work have recently been published in CSO that give some insight into these common areas of human weakness.
Email: now sit back for a bit, think about whom you email and what the content in those emails contains (also who and what is emailed to you). Now assume that the sender and recipient are not the only two individuals receiving that information but that it is being posted to a publicly accessible website for the world to peruse. Would your behaviour (and content) modify? (see the commentary by George Fong ; http://www.cso.com.au/article/560207/r-p-email/)
Passwords: Likewise those non-human friendly password policies; no less than 8 characters, one must be uppercase, one must be a number, and one must be a symbol. Don’t forget, always use a different password for each of the
It is ironic to think that the people who are jumping on the anti meta-data collection bandwagon are the same as those who rely on and use e-mail systems in their current form (i.e. without any form of encryption) and are also humans, not robots, who physically cannot comply with regularly changing different complex passwords for all their applications. If someone really wants your stuff, they will get it eventually, regardless of who that someone is.
Some circular security questions arise from chasing our tails: how does one make security systems that are both secure, and usable? Encryption is required for message transmission. Additional authentication factors are required for application access beyond the something you know password, because computers are faster than us at picking our puny passwords.