One of the many paradoxes of security is that when you have invested appropriately (sometimes at significant expense) and you have less and less incidents, then some time later, someone somewhere might ask: “Why are we spending so much on security when we don’t have any issues?” If this becomes an accepted view then cuts happen, upgrades and maintenance don’t get incrementally funded, or investments to mitigate new risks are not made. You know what comes next, slowly but surely crack...
