Even though security controls are applied with the best intentions, they, at times, are not as fully effective as intended. Why is this often the case?  

 

Reasons why security controls fail

Failure to maintain the security systems. As the system evolves, there are likely to be some emerging issues and vulnerabilities. Lack of proper maintenance ensures that these weaknesses aren't spotted and fixed, leaving the system security weak.

Cyber criminals are constantly inventing newer ways to launch attacks. They come up with new ways to attack that your system isn't equipped to stop. This quickly renders your initially secure system vulnerable to new forms of attack.

Some security controls are not thorough and are set up to protect some sections of the system. This gives hackers a leeway to circumvent the controls through the weak links

Human error is a major cause of security control fails. Some control systems depend on humans to implement and sometimes inevitable human lapses cause loopholes in the security opening avenues for potential attacks 

Sometimes the wrong security solutions are adopted for the wrong solutions. People use popular security measures without really assessing their specific problems. These patches leave unaddressed weak links that leave the system vulnerable.