[rishabhd]

Completely agree about the management part. Unfortunately, for them, security is not tangible and the capex to implement security tech gives them no revenues in return. Additional opex to maintain it only increases their skepticism if it is worthwhile at all. I remember, for one client, I recommended SIEM with threat intel integration (free one, Alienvault OTX) and asked them to implement it. It went on backburner because they never felt the need to dedicate 2 FTEs, one small server cluster and dedicate operational time for this. Also, since it was not regulated at that time, they never even bothered. Fast forward to 3 years, they had wannacry and had no clue which was the patient zero thanks to ill managed logs and what to even do about it. 500 man hours and ~1000 encrypted workstations (spread across 150 branches) later, they implemented it as part of their "proactive" defense strategy.