Why do we refuse to abandon security processes that don’t work?

Why do we refuse to abandon ideas, equipment, and processes that have proven themselves to be inadequate? It’s rarely because we lack options; it’s often because we can’t abide giving up on something once we’ve sunk a ton of time, effort, and money into it.

I dropped my son’s computer case in the bin this morning and it felt liberating. For some reason , I kept finding ways to rationalize keeping the gutted husk month after month. “We might be able to rebuild it,” I told myself, secretly knowing that we never would. The PC was thoroughly stripped down, the form factor was annoyingly proprietary, and history had proven this machine was a dud. Why was I so keen to hang onto it?