Sony and Chase: Don't blame the CISO

J.F. Rice

And even if we could make all of the changes that we want to, how can we expect CISOs to make every network 100% attack-proof? This is a question I think about every day. No matter how many servers I harden, how many security technologies I bring into my network, and how many "best practices" I implement, vulnerabilities will always be present in the operating systems and software my company uses. What this seems to imply is that determined attackers will always be able to break into targets of their choice, because they have so many vectors to choose from. In other words, it's not possible to be 100% secure. And where does that leave us? We do our best with what we have, and hope for the best.

