You can't defend. You can't prevent. The only thing you can do is detect and respond.
Interpretation
The quote emphasizes the importance of detection and response over prevention in security.
Bruce Schneier's quote highlights the reality that in the realm of security, it is often impossible to completely prevent all threats. Instead, organizations and individuals must focus on being able to detect potential threats quickly and respond effectively to mitigate any damage, emphasizing a proactive stance in security management rather than a purely defensive one.
In practice
During a cybersecurity seminar, one might say, 'As Bruce Schneier noted, you can't defend; you need to focus on detection and response.'
History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.
The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember.
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.
It is poor civic hygiene to install technologies that could someday facilitate a police state.
Digital files cannot be made uncopyable, any more than water can be made not wet.
I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.
Today every invention is received with a cry of triumph which soon turns into a cry of fear.
First, we want to establish the idea that a computer language is not just a way of getting a computer to perform operations but rather that it is a novel formal medium for expressing ideas about methodology. Thus, programs must be written for people to read, and only incidentally for machines to execute.
I think a lot of the time there isn't such a black-and-white difference between what's a platform and what's an app. It's really just like the most important apps become platforms.
So what used to fit in a building now fits in your pocket, what fits in your pocket now will fit inside a blood cell in 25 years.
It's hard to pay attention these days because of multiple affects of the information technology nowadays. You tend to develop a faster, speedier mind, but I don't think it's necessarily broader or smarter.
All these social media sites allow us to confuse truth and popularity. That has to be fixed. Because every normal citizen has a right to know what is factual versus what is amplified by good actors or bad actors.
Subscribe for the occasional hand-picked quote. No noise.