Computer security engineers commit the three biggest mistakes senior management makes in computer security. In part that’s because the incentive is weak: No one gets credit for a breach not occurring. Fighting malicious hackers and malware requires a sustained effort. It’s war, so you need to approach the task with a battle mentality. Communicate the biggest threats to senior management, and fight those battles in the trenches week after week. In most environments, it’s people running software they shouldn’t, such as Trojan horse programs.”]
Source: https://www.csoonline.com/article/2615226/the-3-biggest-mistakes-made-by-security-pros.html