Hacker News

9x39, yesterday at 9:26 PM

>Are your people downloading and installing random software all the time?

Yeah, just looking at the app control logs, they evidently wanted a weird notepad app, someone else tried a bespoke browser, random browser extensions, some audio tool instead of using the licensed Adobe products, whatever. That's before we get into the people who try to install games or cursors or custom wallpaper and amusement widgets. There always seems to be someone who uses the work tools for porn and clicks on things. These things show up in 5-person and 5000-person offices alike.

Good judgment gets individuals pretty far but it's not workable with a critical mass of people. Many orgs are under attack from convincing and intentional spearphishing, and the common denominator in how most attacks start is people. Not all attacks, but lots.

On top of that, I think we'd fall behind on some of these attacks without stuff like 3rd party 24/7 SOCs - the last few incidents I read, cookies were re-used in seconds after being phished, and command and control sessions were detected almost immediately in a different attack.

I find all of this exhausting stuff as the norm when I talk to people across the industry, and yet I don't bother at all at home - I'm living both realities.