2021
Didier Danet, « Punish and Perish : The Human Factor in Cybersecurity », HAL-SHS : droit et gestion, ID : 10670/1.llnzs4
According to many prominent experts, IT users are the “weakest link” in the cyber-security chain. This assumption has important consequences for the definition of cyber-security policies, which are often rooted in the fear of sanctions. We argue in this paper that such policies miss the point of security because they create wrong incentives for users who make mistakes or undergo the maneuvers of social engineers. In doing so, most cyber-security policies are in fact scapegoat processes more than effective guidelines for fighting cyber attacks. We argue that alternative cyber-security policies, breaking with the "Weakest Link" paradigm, are required in order to make significant improvements in facing cyber threats, especially in times of COVID-19.