No amount of technical skill can overcome a company culture that opposes security. When policies conflict with project realities in such a way that there is no “right” action, people will take the path of least harm, first to themselves, then to the company. If we understand the motivations for non-compliant actions, it is possible to reverse-engineer the cultural incentives in order to fix them.
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Blog. Read the original post at: https://www.cylance.com/en_us/blog/hack-your-culture-improve-your-security.html