MIT CIO Symposium: Outdated security assumptions put companies at risk