The market for shiny, clever and expensive cybersecurity technology is booming. Industry estimates reckon that data breaches will cost business $2tn globally by 2019, and a battery of impressive-sounding solutions are being rolled out: AI, context-aware behavioural analytics, neural networks, microsegmentation ...
No I don't understand it all either. But you don't have to understand it to know that cutting-edge tech (or the lack of it) hasn't really been the problem in many of the largest incidents. TalkTalk (150,000 customer accounts compromised) was the victim of two teenagers and a 20-year-old using a technique which had been known about for 10 years, and for which a defence existed. The company just hadn't noticed that its software was out of date.
This is like a bus company operating a vehicle that hasn't been serviced for 10 years. The management lesson here is not the need to invest squillions in the latest kit; rather it is to pay more attention and spend a modest sum keeping what you already have up to date.
Or consider the big US government leaks of a few years ago. These were inside jobs, and the issue was human, not technical. Bradley Manning was a US Army intelligence analyst and Edward Snowden an IT contractor working for the NSA. They did what they did because they felt that their government was doing bad things.
Management lesson: make sure that key staff share your organisation's values. So either behave ethically and legally or, if you want to do shady things, don't hire upright staff. Technology has developed some amazing capabilities, but none that compare with humans' capability to screw everything up. We know how difficult it is to deal with humans and their ability to misunderstand or ignore any instruction, their capacity for mischief or malice.
It is tempting to think that some clever technology can save us from having to deal with all of this, but it's just a fantasy. We ignore the human element of cybersecurity at our peril.
Alastair Dryburgh is chief contrarian at Akenhurst Consultants