The point being made here was that fifteen years ago, we had several security issues such as:
• Employees forgetting their passwords
• The odd virus getting through
• Employees accidentally accessing inappropriate websites and downloading malware
In spite of everything, we still have the above issues today, and supporting the old regime is costing business money; e.g. money is still spent on enough support people to reset passwords.
So why not spend the money used to reset passwords, rebuild computers and hire security engineers differently, as we haven’t been able to fix these problems using traditional methods?
I quite liked the comments of another keynote speaker, Ivan Krstic, that we really should be looking to change our security model totally and perhaps forget about backward compatibility and legacy if we are to move forward.
The money saved on constantly resolving problems and fixing issues caused by intrusions, virus outbreaks and cyber attacks may justify this mindset change straight away.