When we see a car wreck it’s very easy to slow down and gawk. The first thing we think is “Wow, that’s awful,” quickly followed by “Whew… glad that wasn’t me,” and then we drive on. Most of us don’t spend time thinking about how the wreck happened — we were just glad it wasn’t us.
A similar sentiment works in cyber security. But instead of focusing on the wreck, the rest of us responsible and accountable for information security must learn and adapt from every attack.