Roger Grimes: Enterprise security today is in a sad, sad state. Cyber criminals are pulling off millions of dollars in heists on a daily basis. Senior management needs to understand that the old cost-benefit models no longer apply. The cost of not doing anything different is too high. Rank the risks from the top to bottom and get to work on fixing them now, he says. Put less stock in exotic, superadvanced solutions and concentrate on improving the basics: better end-user education, better patching, better software design, default encryption.”]
Source: https://www.csoonline.com/article/2620213/the-cost-of-bad-security-is-higher-than-you-think.html