It all started at the recent Security Summit, when a member of the audience asked whether security professionals are fighting a losing battle against threats that never end.
His words took me back to a time several years ago when my predecessor said "it's like that" after a software vendor asked why they had not won an award at the Readers Choice Awards at the time.
"Even George W. Bush gets elected twice to be the President. What can we do? It's life," he said.
Truly, when you are dealt a raw deal in life, you really have to shrug your shoulders and say 'c'est la vie', then try to move on.
But let's go back to the query by the individual at the Summit.
One answer can be found in the presentation by Kraft Foods' Raymond Lay. He described how information security has been tightly woven into his organisation's business processes thanks to an extensive governance framework. For instance, buy-in and involvement from senior management ensure that information security personnel do not have to fight their battles alone and that their efforts are visible within the company.
I think one crucial step is to have the mindset that there will be a breach no matter what; it is how we react to the threat that matters. We can then spend time and energy on things like crafting reaction speeds, the processes to follow, roles and responsibilities for stakeholders, etc.
In a day and age where anything and everything can happen, including world-class transport systems falling apart, we can no longer stick to a security strategy that is focused only on keeping everything out of the perimeter.
And just like the theme for this year's Security Summit, "Is Complacency Setting In?", it is all about being able to react to changes before issues occur, having proper controls in case things go south, and actually listening to the concerns of people on the ground.