Sleeping guard dogs
You’ll also not have missed that the attackers’ capabilities are far ahead of those of us trying to defend our systems against them.
You know what I've found in a number of installations? The "guard dogs" are fast asleep, and their own computers are filled with so much malware it just isn't funny. They've been spending their days not in diligent work, but hanging around and surfing the web, wherever it may lead. Like porn.
One manufacturer of large earth moving equipment had a network so full of crap, and an IT staff so lame, that they would not allow us to send a computer to them unless it was already running a firewall and virus scanner. Anything that was unprotected in the least would be p0wned within seconds of being plugged into the network.
There's an article about the insecure Hadoop servers making 5PB of data available for all comers. WTF?? Why does noone secure their databases? Are passwords so difficult? Are good firewall rules so confusing?
The attackers are not ahead of us. Flat out, they aren't. Too many installations aren't even practicing any security. There is no training of the staff about what they should do about attachments, and verifying possible phishing information in emails. To many idiots are completely irresponsible about their actions, and they pretend to be the hapless victim. Sorry, no. If there were licenses mandated to operate computers, 90% of the punters out there wouldn't receive one.