If you protect a luscious, valuable, amazingly tempting data object, the probability of its being stolen is 1. It’s as sure as death and taxes. It’s only a matter of an attacker’s time and resources before it’s gone; these are no obstacles to determined adversaries like nation states and organized crime. So why don’t our corporate leaders ‘get’ this certainty? Why are so many, like Target, caught off guard?
This question has bugged me ever since I attended a professional conference that featured a panel of top executives from the Fortune 500 congratulating themselves on their unbreakable perimeter defenses that ‘no attacker could penetrate.’ As I listened I had images of the Titanic going down and couldn’t help raising my hand to ask if any had considered how to defend against other kinds of exploits that avoid firewall penetration, like Stuxnet (which I briefly explained). Why bother when compromising humans is so easy? Or as a colleague is fond of saying, ‘there is no firewall for stupid!’ 
There was stunned silence from the speaker and then a mumbled ‘we probably need to explore other scenarios.’ One of the panelists under his breath muttered, ‘we just installed a USB port in….’ and proceeded to describe a sensitive installation that would be a delightful target for the ill-intended.
How did we get here? How are so many aspects of society so blind when the consequences or cyber theft and compromise are so stark?
Lagging behind in the Information Age
I think you can agree that we all struggle to stay current with technology and often don’t grasp the unintended consequences of the shiny new innovations that we embrace. We’re transitioning to the Information Age, watching the Industrial Age fade in the rear view mirror. According to Covey   , this transforms our way of living in profound ways–how we advance in the world, how we work, our sense of time, how we problem solve, how we learn.
To gain appreciation for the enormity of what we’ve done to ourselves with our embrasure of technology, I’ve been reflecting on the table below, imagining myself in each age, visualizing my life in every detail. I marvel at the unintended consequences I’ve discovered as a result, and I work in this field!
I’m not suggesting we become luddites and live by candlelight; I am suggesting that we consider where we’ve come from and where we’re now living. Morris Massey’s training seminar called ‘What You Are Is Where You Were When’ makes the case that our values are fixed in the paradigm existing when we turned age 10  . From then on, we interpret what we see and weigh our decisions through that lens. Where were you at 10?
I invite you to take quiet time and contemplate this question. While you may be among the enlightened, technically, way ahead of most in ‘getting’ technology, ask yourself how likely is it that those who are leading us politically and economically really do understand the impacts of the transformation we are still in the middle of accomplishing. An exercise such as this might help you gain insight into why cybersecurity is something those at the top rarely grasp. Most likely, when they were 10, they were in the heart of the Industrial Age developing their world view from that paradigm. Is it any surprise they need extra help in thinking through cyber risk?
Surrounded by Oceans and ‘Soft’ Countries
At the heart of this transformation is our symbiotic relationship with the Internet. Table 2, brings home its pervasiveness; and we’re only at the beginning! With only 25% of the world’s population surfing the Net today, think how our lives will change as saturation increases and we move increasingly online. Further, consider the continued effects of the clash of cultures as radically different countries become side-by-side neighbors online.
In this country we have had the luxury of two oceans on either side, left and right, with two ‘soft’ countries above and below us that are basically cooperative and ‘like us.’ This can inure us to what we have done by becoming virtual next door neighbors with all of our friends online in the Table below. I’m fond of telling my students that my mother named six kids that I was absolutely to avoid like the plague when I was growing up. I still remember the name of the boy at the top of the list. These were perennial troublemakers in the neighborhood; if you hung around them, you were assured of no-good. (I can attest to it, having smashed a church window, by accident, playing softball with a couple of them!)
Now we are side-by-side with cultures and countries radically different from our own, with very different world views about IP (Intellectual Property), freedom, ethics, etc. (Read The Lure .) Why do we expect them to behave like us? Why should they?
What was meant for good has ushered in unexpected troubling dislocations.