Whilst maintaining a high level of security is difficult already, the asymmetry of tasks is enormous - your software teams have to patch and fix all their apps, and your security operations team has to protect your entire perimeter. Your adversary, on the other hand, only has to find one way in through any application.