No amount of technical skill can overcome a company culture that opposes security. When policies conflict with project realities in such a way that there is no “right” action, people will take the path of least harm, first to themselves, then to the company. If we understand the motivations for non-compliant actions, it is possible to reverse-engineer the cultural incentives in order to fix them.
This is a Security Bloggers Network syndicated blog post authored by Cylance Blog.