I remember getting a hot off the press NSA guide to computer security back in 1987 or 1988, sometime round there anyway. Ever since then its been my security blueprint. Never seen a computer hacked that adhered rigidly to those rules, and i've sat with some of the best, and tried. In fact i've offered an open challenge to anyone to network up to a properly secured trusted bsd box by above named guide and give it a go. At conventions engaging in such things i've seen just about everything else broken including tor on tails which is laughable compared to STOP XTS-400 which i also saw broken way back when.
The unpalatable truth is that people dont want secure systems, or are not in a position to secure a system.
In fact when i look at the root causes for breaches in my records nothing has changed regarding the fundamental underlying problems since the 1960s. I call it the towering inferno syndrome where Steve McQueen says "You know, one of these days, you're gonna kill 10,000 in one of these firetraps, and I'm gonna keep eating smoke and bringing out bodies until somebody asks us... how to build them.". Nobody ever bothers asking ok how do we build them..