Protection is dead. Long live detection.

When it comes to security, protection will fail. USB drives will be lost. Users will click on and respond to phishing messages. Malicious insiders will abuse their privileges to steal information and cause damage. Well-meaning insiders will accidentally delete data. Russia, China, organized crime and other traditional advanced persistent threats will compromise even the most sophisticated protection mechanisms. And all of that is OK.
What isn’t OK is to not expect failure and not plan for