We (Italians) can of course continue to lure ourselves into believing that dealing with “password policies”, “critical infrastructure committees” and “mandatory security measures” – just to name a few buzzwords – is enough to grant a decent level of security for our networks.
We can continue, after twenty years, to listen at – and say – the very same bull… stuff we used to say in the pre-internet era about ICT security (don’t use easy passwords, don’t write it on a post-it, use an anti-virus, etc.)
We can, definitely, keep going in waiting for the next “IT guru” or “magic box” that will make the bad guys disappear from our computers.
But we still continue using flawed software and operating systems without making the software houses pay for their faults (disguised as “features”.)
We still buy things and boxes (read: hardware) believing that just because of that “we are safe”.
And we still keep a blind eye to the actual quality of the IT security in public institutions.
Two options as a conclusion: we’re either stronger than we appear to be or we are incredibly lucky.
But luck doesn’t last forever, and we need to be lucky every single minute of the day, while the attackers, just once.