I agree with matt.matheus. It is not a losing battle, but you have to constantly fight against the current. You also have to have all members of the team rowing the boat. Too many people in IT think it's the security teams job or attackers are not interested in the organization that they dont need to worry about security. Gideon Tam also made a good point that you need to educate those in IT and users alike.
Clik here to view.
