As a cyber security community, we need to re-think our commitment to – and investment in – compliance. Can we all agree it’s not working? If successful breaches were confined to organizations that either didn’t invest in compliance or were unsuccessful in achieving it, then we could talk. But we all know that’s not the case. We need to start thinking about taking that 40% and investing more in the things that have the best chance of making the bad guys’ lives more difficult. We won’t win every battle, but at least we’ll be fighting the right war.
Show me a large enterprise that was breached and I’ll show you a large enterprise adhering to multiple compliance standards.