Here's my advice for them… Security has to be approached from the bottom to the top, within reason, and must be practical. The fact is, even with all the security grandstanding from these organizations, breaches are occurring at a fever pitch with no end in sight. You have to ask why enterprises are still only one connection away from a massive breach from home offices or mobile devices. Piling more complexity into this fact isn’t going to help security because it fosters shortcuts, creates confusion, and, I would argue, favors the attacker.
So when these organizations want to get serious, this is the conversation I would actually listen to. We do not want to hear the constant advice and information being passed on that can only be considered by the top 5% of businesses. Lastly, we need to curb this pay-to-play approach for security because this in itself contributes to the security problem.
Looking forward to that discussion!