Last
year, 60 percent of all targeted attacks struck small- and medium-sized
organizations.
These organizations often have fewer
resources to invest in security, and many are still not adopting basic best
practices like blocking executable files and screensaver email attachments.
This puts not only the businesses, but also their business partners, at higher
risk.
(Symantec Internet threat security report
2015)
I think there is a simpler answer:
there are more small and medium organizations than big ones.
The financial people have not enough with
ruin the economy, they also ruined the IT departments and put many companies at
risk. The results speak for themselves.
It is a sign of the great lie of our
"bring your own device." BYOD
The first presentations I had the
opportunity to hear from the hand of some "Evangelists" belonging to
the world's leading companies with thousands of employees such as Cisco,
Dell or HP, summarized in small letter in the early years of the
global crisis as very simple:
“If we give
an employee € 1,500 and he goes to your much cheaper laptop in a Media Markt (for example), then I don’t need
give him a computer and support for three years”.
Companies have spent millions of dollars to obtain this result:
“This allows
the firing of many people in our help desk and moving the user problems with
the PC's outside our area of support. The result is that we can save millions
of dollars.”
It was a
bad financial decision, not a technical or professional one.
Now all presentations
for investments of thousands of dollars are based on tools with all kinds of securitization, deployment of
applications, support applications, and monitoring users with heterogeneous
platforms. Worse, if we recognize that 90% of security problems are due to this
and it’s reflect some of the attitudes of the end users.
Lack of
knowledge and weaknesses and user error show that this decision was a serious
mistake or one perfectly planned and with
awareness of its consequences to speculative financial decisions.

My conclusion:
The device, which only allow use corporate applications, must belong to the company.
Result: It
is cheaper, more secure, more logical and more functional.
IT people must
learn to be financial advisers too.