Everybody wants to be secure, but not everyone is willing to make sacrifices to achieve it. The security/functionality/ease-of-use triangle is a simple but effective representation of the challenges faced when implementing security of any kind. Applied to IT security it acts as a sliding scale: moving toward any one point of the triangle pulls you away from the other two. IT security is not that different from other types of security, such as physical security, financial security, or national security, but it doesn't get the respect it deserves. As we make something more secure it generally becomes more difficult to use, or less desirable from an ease-of-use perspective.
If you look at the triangle and see yourself closer to the security point, then you probably have a strong, unique email password, full disk encryption on your workstations, two-factor authentication for all of your web apps, and can spot a phishing attempt from a mile away. That person is in the minority compared to the general population. The problem is that most people do not practice good habits or common sense where IT security is concerned.
Verizon's 2015 DBIR (Data Breach Investigations Report) found that 50% of phishing emails are opened and that in 10% of them the link inside is clicked. These phishing attacks require the user to take action before anything malicious can happen, yet they still succeed 10% of the time. This is just one of many statistics showing that we have a long way to go in IT security. You can put up the tallest wall around whatever you want to protect, but if someone with a key lets the criminal in the front door, the wall isn't going to stop them.