Was Jeff Bezos the weak link in cybersecurity?

A week ago, Amazon's founder, Jeff Bezos, revealed what he described as an extortion attempt by the National Enquirer.

The tabloid seemed to have gotten hold of very intimate texts and photos he had sent to his girlfriend Lauren Sanchez.

In my report on the BBC World Service program, The World This Week, I see why humans are often the weak link in cybersecurity.

Mr. Bezos is the richest man in the world. He builds his fortune through a society that transforms our way of life through innovative technology.

His company, Amazon, places cyber security at the heart of all its activities.

So, how come it was risky to send very embarrbading photos on his lover's phone to see them hacked and end up in the hands of a tabloid newspaper?

Could not he stop doing something so stupid in the first place, the reason being that his company would surely have been able to provide him with the most unstoppable phone in the world?

On Twitter, a so called counterchekist had the answer to this question, claiming that all the money and experts of the world could not protect a device against its greatest weakness, "the human who uses it ".

In other words, technology can not go that far. Good cyber security depends on educating people not to be silly.

The suggestion that the human factor is the weakest link is probably the biggest cliche of the cybersecurity industry.

Security companies can sell all sorts of expensive tools to protect their customers from attack, but all too often they become unusable when someone in the business clicks on a suspicious link or forgets them. Install an essential software update.

If you look at one of the major cyber security incidents of recent years, you will probably find that they start with a human being who is wrong.

The fault that destroyed the O2 mobile phone network in the UK for 24 hours in December 2018 was first suspected to have been caused by hacking.

It then appeared that someone had not managed to renew a software certificate. "One of the most basic system administration mistakes you can imagine," said a lamentable comment on the Computing Weekly website.

The attack that saw hackers – believed to have come from North Korea – seize Sony Pictures' computer system and disclose all sorts of embarrbading information began with emails designed to entice executives to give their Apple identification information.

And guess what? Some of these people used the same pbadwords for their Sony account. Hey, hackers were here.

So-called social engineering is becoming an essential weapon in the arsenal of pirates. Rather than launching a cleverly crafted high-tech attack, they choose a key individual and find a way to target their weaknesses.

Scammed!

Some time ago, I spoke to a cybersecurity company specializing in the fight against "spear-phishing", where a senior executive is targeted for an attack. They proposed me a challenge. Over the next few days, they would prove that they could persuade me to click on a dubious link in an email.

Hah, I thought. Big luck. I am very careful about what happens in my inbox anyway and I will be even more vigilant now.

A few days later, Jat, the producer of my World Service radio show, Tech Tent, sent an email. He sends me messages several times a day. It was about my Twitter account and read: "You really have to take a look at this," pointing a link.

Of course, I clicked and found myself on a cybersecurity company-owned webpage with a message saying, "We got you".

In one way or another, they had usurped the e-mail address of my producer and found the hole in my defenses. After all, everyone trusts their producer.

All of this begs the question: If the protection of your vital information depends on the awareness of human beings rather than the use of all kinds of whizzbang technologies, would not it be better to hire psychologists rather than corporations? cybersecurity?

They could even be cheaper.

Of course, the truth is that connecting data leaks is a multi-faceted activity.

A company must ensure that its employees have secure devices, understand the rules of corporate data protection and exercise good judgment.

And on this last point, even billionaires can sometimes be found deficient.

The World this week airs for the first time on the World Service at 9:00 GMT Saturday and is repeated throughout the weekend and you can listen to it then on BBC Sounds.