Security is no longer an optional entity, and it is no longer acceptable to have it as an add-on to the system after building it. It is now built along with the system and is ingrained in it. It isn't wrong to say that it is one of the first things that is discussed when the system is built. Even the DevOps that we learned in the last chapter is becoming SecDevOps (or sometimes DevSecOps), where the Sec is for security.
You might consider this as being paranoid, but this paranoia about security is not unfounded; it is simply a fact that the number of attacks is rising and the cost of attacks (including losing data, losing customers, and losing brand value) has become enormous.
In order to get perspective on the number of attacks, according to some of the numbers given by the FBI, 4,000 ransomware attacks happen every day (which is a 300% increase from 2015) and the damage has increased to US $5 billion ($325 million in 2015), as mentioned in the report...