Crush the triangle – by Raymond Comvalius
I once wrote a book in 2009. The security chapter started with the famous triangle consisting of three focus areas: security, usability, and cost. The message at the time was to choose two because it was impossible to create a secure and user-friendly solution without adding a significant cost component. What has changed since then?
Well, the security landscape has changed a lot, especially because of the potential cost of a breach. In recent years, we have seen many organizations seriously hurt by ransomware gangs that base their ransom on the profitability of the company in question: the higher the profits or revenues, the higher the ransom to be paid. For the CISO, it is no longer a theoretical idea that the business might get hurt by an attack. The threat is real, and defense comes at a cost. Today, it is easier than ever before to calculate the cost of a breach.
...