An analysis of Cyber Security publications sees >99% devoted to the technology of attack and defence, with <1% examining the biggest risk of all - People. But every Cyber hack, attack or failure involving technology, starts with some human indiscretion, error, fallibility, stupidity, revenge, malice, or act of vandalism. This near exclusive focus on the technology is analogous to bolting the stable door after the horse has bolted, and it results in a vast redirection and waste of resources. In complete contrast, our adversaries (The Dark Side) are more cunning. It really is time to reconsider our strategy if we are to stem the growing tide of attacks. For sure, people cannot ‘do’ security! And why should they? It really is the responsibility of industry who ought to be designing and supplying inherently secure products that defend users against themselves and The Dark Side. To engineer this would mean the deployment of systems to monitor the behaviours of people, devices, systems, applications and networks. We have to establish patterns of behaviour at all levels if we are to detect and combat the exceptions that might constitute an attack. And whilst our knowledge of human behaviours and sociology are extensive, we know almost nothing about devices, systems, applications and networks. Perhaps even more threatening is our total lack of knowledge about Things: aka the IoT. In this presentation we illustrate the fallibilities of people as well as some of their devious activities and propose some solutions.