There's a key difference: if you build a building to resist termite damage, the termites don't retreat, plan their next attack, and come back with drills and wood saws to try again. Hackers are better modeled as intelligent adversaries than as forces of nature, because as attackers, they actively improve their techniques as the defenders do.
That means they won't be stopped for long by static infrastructure. And in the same way, "best practices" are a moving target, so they'll always be applied unevenly across companies at any given point in time.
In fact, the more economically damaging the hack, the truer this is: the biggest ransoms and the greatest national security risks are mostly caused by actors that employ dozens or hundreds of motivated professionals to find gaps in an organization's infrastructure. And that means the "force of nature" model is especially inaccurate when we weigh incidents by economic impact (which arguably we ought to do).
Wee know exactly one way of blocking intelligent, motivated adversaries from getting what they want at our expense. And that's to have at least equally motivated, at least equally intelligent folks on the other side who are continually trying to stop them. And that doesn't sound entirely unlike a fairly reasonable line item in a national defense budget.
That means they won't be stopped for long by static infrastructure. And in the same way, "best practices" are a moving target, so they'll always be applied unevenly across companies at any given point in time.
In fact, the more economically damaging the hack, the truer this is: the biggest ransoms and the greatest national security risks are mostly caused by actors that employ dozens or hundreds of motivated professionals to find gaps in an organization's infrastructure. And that means the "force of nature" model is especially inaccurate when we weigh incidents by economic impact (which arguably we ought to do).
Wee know exactly one way of blocking intelligent, motivated adversaries from getting what they want at our expense. And that's to have at least equally motivated, at least equally intelligent folks on the other side who are continually trying to stop them. And that doesn't sound entirely unlike a fairly reasonable line item in a national defense budget.