It seems every major hack is accompanied by the pointing of fingers. And there are plenty of places to point them: the servers that weren’t patched, the retailer who hadn’t finished setting up an intrusion detection system, the high-ranking official who used his personal email to store secrets, the critical application with unfixed security holes because the programmers hadn’t finished fixing them yet, the users of unapproved cloud or mobile applications for corporate data.