Yes and No. In cyber security class they taught us that nothing is secure from someone who absolutely wants your data, but that doesn't mean you can do nothing. Security is not an all or nothing event.
Cyber Security relies of being meshed with physical security, and the good will and social reliability of everyone else, to certain degrees, and other non-cyber security measures.
The three "Ds" of security are Deter, Detect, and Delay.
The ability to detect intrusion can give you the ability to start clean up sooner, or take actions against the intruder. In the case of the NSA, exposure to the public. If what they do isn't so secret, its not as effective.
Deter - Strong Crypto, unless the math is completely broken, brute force takes time on really powerful computer systems, which means money. The more you make an organization waste on your system, the less they can do for everyone else. Also the secondary effect is detection, because the monies spent, as well as the physical locations of such computers will leave a pretty big paper trail. Another deterrence is air gapping, making them have to send someone to your house to steal the computer. This is a high risk, because it would leave lots of physical evidence, and there is a pretty high level of political risk in doing so.
Delay - login systems, crypto, proxies. multiple systems in succession that need to be broken. The long it takes in manhours is manhours not spent elsewhere. When running from a tiger, you don't need to be faster than the tiger, just faster than the guy next to you. same concept.
Detect - the sooner you detect, the sooner you can either do countermeasures, or go public with it, or start analyzing the attack to prevent future attacks. The best disinfectant is sunlight.