The security industry is great at producing new shiny tools, and executives in enterprises are often blinded by the promises made. These tools are then used to cover up their amassed technical debt. This talk will go over the still old-fashioned unsolved problems of organisations, which are repeatedly misused by attackers nowadays. It subsequently will make a case for a shift in industry priorities.