Security statistics are real and scary, but educating your staff can make all the difference

This past week I found myself drinking beer around a swimming pool in Monte Carlo while talking about Mr Robot with a Johnny Depp lookalike - such is the life of an IT security journalist. It's not quite as glamorous as the location suggests, of course, as I was there to attend the Fortinet 361 security forum, rather than try to break the bank at the casino or race around the Circuit de Monaco. Johnny was actually Guillaume Lovet, senior manager of threat research at Fortinet (one of the global big three names in enterprise network security) and Mr Robot is a TV series about a security researcher turned hacker that has just finished in the US. In contrast, Guillaume was once a hacker (doing penetration testing) and is now a security researcher. As someone who took a similar unconventional route into my current profession, it is perhaps unsurprising we found ourselves agreeing on many things when it comes to cybercrime: everyone is a target, the only effective defence is a layered one, and good governance, rather than law, is imperative if the fight is ever to be won.