The Human Nature of Cybersecurity
In 1999, Bruce Schneier popularized the concept that cybersecurity is about people, process, and technology.1 Yet two decades later, we still focus much more on technology than on the other two dimensions. For a long time, when the cybersecurity community did consider the human aspect, this was done within the context that “humans are the weakest link.” I would argue, instead, that understanding humans is the weakest link in cybersecurity.
