Breach prevention is dead. Long live the 'secure breach'

29.10.2012

To revisit the military metaphors, World War I clearly showed that machine guns, artillery and barbed wire made cavalry charges obsolete. And yet, every major military in the world maintained cavalry units through the beginning of World War II. Unfortunately, this stubborn adherence to the status quo always leads to carnage. Today's IT carnage is playing out in newspaper headlines in the form of data breach reports.

So, how do we change the status quo and usher in the secure breach era, an approach to security that keeps valuable assets secure even when hostile intruders have penetrated the perimeter? Here's a four-step program:

* Introspection: First, examine why we are not winning the war against hackers, etc. Why are we not winning? Because we stubbornly adhere to Einstein's definition of insanity: doing the same thing over and over again and expecting a different outcome. In this case, that same thing is responding to breaches by investing disproportionate sums of money in perimeter defenses in a futile attempt to prevent breaches.

The industry needs to stop living in the past. It needs to try something new. It needs a heavy dose of introspection so it can adopt a new mindset: the "secure breach." Let's dig deeper into the remaining steps to changing the status quo:

* Acceptance. Stop pretending you can prevent a perimeter breach. Accept that it will happen and build your security strategy accordingly. We need to admit that we, as an industry, have a problem. Start by asking yourself if your security philosophy has changed much in the last 10 years. It almost certainly has not. You're likely to be spending 90% of your security budget the same way you did back in 2002, which undoubtedly focuses on perimeter and network defenses.