NIST plans to publish the final public draft of Special Publication 800-53, Revision 5 (Security and Privacy Controls for Information Systems and Organizations) on 09-04-18. Final publication is expected on 12-27-18.
“...21% of all their folders open to everyone in the company... ‘That's absurd,’ he says, noting that this openness enables attackers and malware to penetrate one user and spread laterally throughout a network...”
Throw all the money at security that you want, but if you don’t have the basics of IT down, like asset management, least privilege account management, and decent IT structure like network segmentation, disabled macros, etc., then your security program is just security theater.
Google is not trying to break the web by pushing for more HTTPS. Neither is Mozilla and neither are any of the other orgs saying "Hey, it would be good if traffic wasn't eavesdropped on or modified". This is fixing a deficiency in the web as it has stood for years.