Let’s punish phishing victims… er, you want to do what?!

Let’s punish phishing victims… er, you want to do what?!

Reading Time: 7 minutes There is a big, hairy elephant in the room when it comes to phishing: Many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before...
In the absence of a secure culture, reducing cyber risk could be impossible

In the absence of a secure culture, reducing cyber risk could be impossible

To understand why it might be impossible to reduce human cyber risk without a secure culture, it’s worth considering a series of experiments from the world of behavioural science.The experiments weren’t designed to uncover security insights. Rather, they were designed to demonstrate quirks in human behaviour. Specifically, they were designed to reveal why people sometimes “cheat”.