Tackling the Human Dimensions of Cybercrime

As I have been saying for years and years: Cybersecurity is a human issue that involves technology, not a technology problem that can be solved technocratically.

So it’s gratifying and heartening to read this important essay in the New York Times — This Is Why I Teach My Law Students How to Hack — by Scott J. Shapiro, Charles F. Southmayd Professor of Law and Professor of Philosophy at Yale Law School and the Director of the Yale Cybersecurity Lab.

Professor Shapiro: “If cybercrime is a sophisticated high-tech feat, we assume, the solution must be too. [But] technology alone is not enough to solve the problems we face.”

Continuing: “… there are promising ways to tackle the human dimensions of the problem — that is, the social, economic and psychological aspects. The bad news is that we have largely failed to pursue them.”

He concludes: “Figuring out how hacking works is the easy part. Figuring out how humans work, and what to do about it, is the hard part. And even when we get it right, we must remember that neither technology nor regulation is a panacea. In the 21st century, cybercrime is increasingly just crime — and there is no way to end that most human of glitches.”

Yes!

I must add, from my experience as a consulting advisor in the cybersecurity space, that the “most human of glitches” isn’t confined to criminality. It also encompasses the seemingly intractable problem posed not by threat actors but tech and business leaders, people in legitimate positions of decision-making authority, who double-down on psychologically illiteracy and act as if they’re allergic to embracing multidisciplinary expertise to thoroughly and effectively understand and address the problems.