From Noam Eppel’s “Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security“:
A cyber-criminal only needs to identify a single vulnerability in a system’s defenses in order to breach its security. However, information security professionals need to identify every single vulnerability and potential risk and come up with suitable and practical fix or mitigation strategy.