Is anybody secure? I don't think so

Today must be Vraxx bashes on ZDnet articles day or something. ZDNet UK article discussing the notion was former US security adviser Howard Schmidt to the House of Lords. His talktrack focused on the idea that small businesses just "don't get security". Now far be it for me to contend that small businesses don't get it, the tone of the article however almost suggests that big businesses DO get it. The truth of the matter is, in most cases security, though important takes a fundamental back seat to deadlines and business objectives.

I've seen some great security schema and system administrators in businesses ranging from the mom and pop shop to the large corporate site. The House of Lords seems to forget that there's two aspects to every security issue. Large scale sites are often hard pressed to be able to lock down _everything_ w/o testing and evaluation. Smaller businesses can move more quickly to plug up security issues. Granted a smaller business may not always have the manpower but hell, neither does big business when you look at track records. Human behavior, human limitations will always play a role, no matter which size business you're talking about. In the end it doesn't matter how large the company is, it matters how well structured security is for it.