But it can work - if people would get out of their own way.
Looking at it from a psychological perspective (a great way to view security trends/challenges), it's really about the choices people are making - or not making - about security:
- Choosing to ignore the low-hanging fruit that's present on every network this very moment.
- Choosing to believe that security is a problem for the IT department to manage.
- Choosing not to enhance their communication skills so people will "get" what's being said.
Too many people are acting as if everything is out of their control, like low-information voters at the ballot box.
Like I talked about in this new guest blog post for Rapid7, don't let history repeat itself so that you get burned. Step up or step aside - somebody needs to fix this stuff.