An IRS report found that 42% of the issues were basically brushed under the carpet or done in a half assed fashion in the hopes that no one would notice. Security needs to be seen as a partner within an IT organization instead of an adversary. IT teams should not strive for mediocrity. Security should be seamless. The security team should not be buried so far down the organizational stack that they can’t see daylight. Enable security with the ability to execute and provide a safe framework for the enterprise to operate within.”]
Source: https://www.csoonline.com/article/2136194/don-t-be-an-ostrich–remediate-issues.html