There is a big, hairy elephant in the room when it comes to phishing: Many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before we answer that, let’s...
To understand why it might be impossible to reduce human cyber risk without a secure culture, it’s worth considering a series of experiments from the world of behavioural science. The experiments weren’t designed to uncover security insights. Rather,...
Unconvinced? Here’s a demonstration. Although it might not seem like it, people’s actions following 9/11 demonstrate just how likely it is you’re miscalculating your cyber risk. Following the terrorist attacks of 9/11, people began to change their travel...
As you may already be aware, most people prefer to avoid taking risks. In fact, most people prefer to avoid taking risks so much that they fail to do so even when taking the risk makes complete and total sense. This isn’t just CybSafe opinion. The...
Here’s an interesting conundrum for cyber security professionals. Some simulated attacks reduce human cyber risk. Others, however, have no effect on risk – and may even have a negative impact. Even more perplexing: an identical course of simulated...
Phishing scams evolve constantly. Don’t they? On the one hand, yes. Sophisticated cyber criminals are very much aware that, once a phishing scam becomes well known, its potency falls. So, over time, phishing scams adapt and evolve. On the other hand, the the nuts and...
