Blog
The CybSafe blog is a collection of stories, updates and guidance for people-centric security professionals.
Let’s punish phishing victims… er, you want to do what?!
There is a big, hairy elephant in the room when it comes to phishing: Many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before we answer that, let’s...
In the absence of a secure culture, reducing cyber risk could be impossible
To understand why it might be impossible to reduce human cyber risk without a secure culture, it’s worth considering a series of experiments from the world of behavioural science. The experiments weren’t designed to uncover security insights. Rather,...
You are almost certainly miscalculating your cyber risk
Unconvinced? Here’s a demonstration. Although it might not seem like it, people’s actions following 9/11 demonstrate just how likely it is you’re miscalculating your cyber risk. Following the terrorist attacks of 9/11, people began to change their travel...
Some people love to take a risk. So shouldn’t we be tailoring security awareness training?
As you may already be aware, most people prefer to avoid taking risks. In fact, most people prefer to avoid taking risks so much that they fail to do so even when taking the risk makes complete and total sense. This isn’t just CybSafe opinion. The...
Phishing Training: an intelligent approach
Broadly speaking, most phishing training works in more or less the same way. An automated tool sends simulated phishing and spear phishing emails to those within your organisation. The simulations fool some, but not others. The tests reveal precisely who has been...
Some simulated attacks help reduce cyber risk. Others are redundant. What’s the difference?
Here’s an interesting conundrum for cyber security professionals. Some simulated attacks reduce human cyber risk. Others, however, have no effect on risk – and may even have a negative impact. Even more perplexing: an identical course of simulated...
The two most common phishing scams that affect UK businesses
Phishing scams evolve constantly. Don’t they? On the one hand, yes. Sophisticated cyber criminals are very much aware that, once a phishing scam becomes well known, its potency falls. So, over time, phishing scams adapt and evolve. On the other hand, the nuts and...
How can phishing affect a business?
The consequences of phishing can be severe... It’s widely reported, for example, that tech giants including Facebook and Google sent as much as $100m directly to criminals following a spear phishing campaign that went on for more than two years. More often than not,...
Why Phishing Training Is Important
In 2017, an email prankster targeted the White House. The prankster’s goal was simple: to trick White House staff into responding to fraudulent emails for nothing more than a cheap thrill. With little to gain from the endeavour, the prankster’s efforts were basic. The...
Can phishing be prevented?
As phishing filters are far from perfect, can phishing ever really be prevented? Today, with phishing attacks on the rise and the cyber threat landscape constantly evolving, most companies employ some form of technological phishing filter to help prevent phishing....
How to identify a phishing email
You’ve received an email. As no phishing filter can keep out 100% of all phishing attacks, there’s a chance the email could be malicious – no matter what it looks like. How do you check whether or not the email is a phishing attack? Step 1: Is the email...
5 ways to get more from cyber security awareness campaigns
Incredibly, traditional cyber security awareness training may actually decrease security awareness. Here’s how to ensure your security awareness campaigns increase resilience. Last year, researchers looking into the security of mobile devices inadvertently uncovered...
Why are phishing attacks successful?
Phishing attacks often seem rudimentary. With their spelling and grammar errors, blurry replicas of company logos and conspicuous twists on sender names, they should be easy to spot, shouldn’t they? So why is it that, instead of dying down, phishing attacks are on the...
How are phishing attacks used in identity theft?
People are more likely to be a victim of identity theft than any other type of cybercrime… and phishing can be a precursor.
In order to steal your identity, criminals need to get hold of your personal information. That’s all it really takes to begin opening bank...
Are phishing attacks on the rise?
In 2018, some reports suggest the number of phishing attacks is falling. Is that really the case? Phishing attacks have been on the rise for a long time now. According to the UK government’s most recent cyber security breaches survey, they cause more data breaches...
Why security awareness training sometimes fails – and what you can do about it
To demonstrate why security awareness training so often fails, it’s worth conducting a quick thought experiment. Imagine you’re a smoker and, one day, you find out you’re genetically susceptible to lung cancer. Thanks to your genes, you’re two-three times more likely...
Measuring The Effectiveness of Security Awareness Training
Online security awareness training is now the most popular form of security awareness training in the world. As we noted here, that’s good news when it comes to measuring the effectiveness of security awareness training. Offline, things aren’t so easy to track....
Ten key topics to cover in cyber security awareness training
The scope of cyber security awareness training continues to increase. While the below list of topics to include in awareness training is far from exhaustive, each should be a foundational pillar of security awareness campaigns. Building campaigns around the below can...
Four different types of security awareness training – and the pros and cons of each
Generally speaking, traditional security awareness training is delivered in one of four ways:
1. Classroom-based training
2. Visual aids (including video)
3. Through simulated attacks
4. Computer-based training
Resource challenges and environmental contexts often...
7 reasons why security awareness training is important
Data breaches cost UK organisations an average of £2.9 million per breach. In 2019, human error accounted for 90% of breaches. Those facts alone are usually enough to convince people security awareness training is important. Usually. Only 1 in 9 businesses...
Security Awareness Training: The Old Definition and the New
At the time of writing, Google tells us security awareness training is “a formal process for educating employees about computer security.” You can bet it’s a prevalent definition: the search engine sifts through every indexed web page ever written on the topic to...
More about CybSafe
See how CybSafe can help you measure and track security behaviours to improve security controls and awareness activities.