Recent attacks have shown us it is irrelevant how much you spend on reinforcing security. Basic misconfigurations and lack of visability will always allow criminals to create toolsets that leverage exisiting vulnerability.
• Avoiding the language barriers between business and cyber functions.
• Development of a coherent risk framework (Quant)
• Designing with breach as a probability
• Back to basics: design, develop and test.