Let's imagine. As a new graduate software engineering student, you find your first job in a small startup. Where you are the only engineer.
You get assigned an internal project to improve the quality of life of the company. A project that involves handling all the customers’ data and notes from the company. All the critical data on your hands.
Then you apply what you learned at school and in tutorials, you create a front-end, a back-end, and quickly set up a database. You do a proof-of-concept (PoC). All the team is now super excited by your app. As a result, feature requests start to rain.
Time is money, so you build on top of your PoC. You add features one by one. You start to have a great product and getting adoption from the team.
Everything is great!
The next day, you arrive at the office. The app is down. That happens sometimes. Generally, a reboot of the back-end fixes it.
It does not work this time. You start digging into the issue. The team is calling you for support. But you are clueless.
Finally, you identify a problem with the database. You restart it. The app works now! But it’s empty. All data is gone! You check the database content to find a ransomware message asking you to pay X bitcoins to get back your data.
The next day you lose your job and your product gets abandoned.
Time is money, it’s true, and you may neglect cyber-security when there’s nothing at stake. But when there is, don’t treat cyber-security as if it was a virtual reality problem.