What makes that so dangerous, of course, is that distorted views of security often lead to bad risk decisions. Because when senior executives of any public or private organizations don’t understand industry best practices or what really constitutes a sophisticated attack, they’ll probably fail to properly fund protection measures against securing sensitive databases.

via Lies We Tell Our CEOs About Database Security – Dark Reading.

“I think she’s right, an attack is inevitable; losing 3.8 million social security numbers is not,” Murray says. “That someone bad is going to keep trying to do something bad to you, yes, that’s absolutely inevitable. That they’re going to be very, very successful like they were here, not so much.”