The most damaging cybersecurity attacks don’t target errors in the code so much as they target operational mistakes.