Someone recently said that a business needs to think of security like an onion - in layers. There should be waves of protection that range from physical barriers to entry to technical barriers to entry to logical barriers to entry.
My consulting engagements are typically with companies of 100 employees or less. Often these businesses don't have an I.T. department. The closest they come to having a sysop is analogous to the "key operator" that handled copier problems.
These businesses are getting mixed signals about security. Stories like this one make it clear that market leaders aren't necessarily the places to turn when something as important as security is at stake.
Symantec spills email addresses of list subscribers. Tut, tut [The Register]
Microsoft's Trustworthy Computing initiative will be scorned the first time something like this happens to the company or those using its software.
