Blog
The CybSafe blog is a collection of stories, updates and guidance for people-centric security professionals.
Why I’m delighted with Forrester’s recognition of CybSafe
Independent Research Firm Forrester has named CybSafe a leader in its Security Awareness and Training Solutions report. According to CybSafe CEO Oz Alashe, it’s a big step towards keeping people and societies safe. A “leader” in our field CybSafe has been named a...
Six security essentials for those working from home
The COVID-19 outbreak is promoting remote working. Here’s how to minimise cyber risk when working from home 1. Use company-approved devices Mental blueprints dictate how we behave in any given situation. Our blueprints might prompt us to use personal laptops...
Cyber criminals are using COVID-19 cover stories in new phishing attacks
Here’s how to spot and stop the attacks Criminals are using COVID-19 stories to convince people to do things they’d never normally do. In one deplorable scam, cyber criminals email elderly targets. The criminals claim they represent medical organisations. They ask for...
Why we need new and better human cyber risk metrics
To make a difference as a security professional today, you need board support. You need resources. You need directors to trust and back you. You need organisational leaders to promote security. So whenever you have the board’s attention – or the attention of those who...
Why do some organisations use two security awareness training solutions at once?
Why do some organisations often use two or more security awareness training solutions at once? That’s a question that grabbed our attention when it popped up on social recently. The comment highlighted the following security oddity… Increasing numbers of organisations...
What we learned at SABS4CYBER 2019 – Part 2 of 2
This is part two of a blog reviewing key takeaways from SABS4CYBER 2019. The annual conference to highlight the contributions social and behavioural sciences can make to cyber security. You can read part one here. Multitasking a cause for concern? Dr. Helen Jones...
What we learned at SABS4CYBER 2019 – Part 1 of 2
SABS4CYBER is an annual conference that shines a spotlight on social and behavioural sciences. More specifically, SABS4CYBER puts the people using social and behavioural science to solve security challenges into the spotlight. This year, we were super excited to host...
What we learned at PeepSec 2019 – Part II
What we learned at PeepSec 2019 - part two This is Part Two of a post reviewing key takeaways from PeepSec 2019. You can read Part One here. To access the free video recordings of every talk from PeepSec 2019, register here. Day three JLT CISO Simon Legg...
What we learned at PeepSec 2019 – Part I
Following its inauguration in 2018, PeepSec returned in 2019 to facilitate further discussion on the opportunities and issues born from the interactions between people and technology. Over five days, 30 experts offered world-leading insights into areas...
Using AI and machine learning to improve cyber defences and reduce human cyber risk
To understand how AI and machine learning can reduce cyber risk, it’s worth considering how a typical taxi journey will look in a few years time. Today, when you jump into a taxi, you’re greeted by a driver who might inquire into your preference of radio...
Let’s punish phishing victims… er, you want to do what?!
There is a big, hairy elephant in the room when it comes to phishing: Many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before we answer that, let’s...
In the absence of a secure culture, reducing cyber risk could be impossible
To understand why it might be impossible to reduce human cyber risk without a secure culture, it’s worth considering a series of experiments from the world of behavioural science. The experiments weren’t designed to uncover security insights. Rather,...
You are almost certainly miscalculating your cyber risk
Unconvinced? Here’s a demonstration. Although it might not seem like it, people’s actions following 9/11 demonstrate just how likely it is you’re miscalculating your cyber risk. Following the terrorist attacks of 9/11, people began to change their travel...
Some people love to take a risk. So shouldn’t we be tailoring security awareness training?
As you may already be aware, most people prefer to avoid taking risks. In fact, most people prefer to avoid taking risks so much that they fail to do so even when taking the risk makes complete and total sense. This isn’t just CybSafe opinion. The...
Phishing Training: an intelligent approach
Broadly speaking, most phishing training works in more or less the same way. An automated tool sends simulated phishing and spear phishing simulations to those within your organisation. The simulations fool some, but not others. The tests reveal precisely who has been...
Some simulated attacks help reduce cyber risk. Others are redundant. What’s the difference?
Here’s an interesting conundrum for cyber security professionals. Some simulated attacks reduce human cyber risk. Others, however, have no effect on risk – and may even have a negative impact. Even more perplexing: an identical course of simulated...
The two most common phishing scams that affect UK businesses
Phishing scams evolve constantly. Don’t they? On the one hand, yes. Sophisticated cyber criminals are very much aware that, once a phishing scam becomes well known, its potency falls. So, over time, phishing scams adapt and evolve. On the other hand, the the nuts and...
Can phishing be prevented?
As phishing filters are far from perfect, can phishing ever really be prevented? Today, with phishing attacks on the rise and the cyber threat landscape constantly evolving, most companies employ some form of technological phishing filter to help prevent phishing....
How to identify a phishing email
You’ve received an email. As no phishing filter can keep out 100% of all phishing attacks, there’s a chance the email could be malicious – no matter what it looks like. How do you check whether or not the email is a phishing attack? Step 1: Is the email...
5 ways to get more from cyber security awareness campaigns
Incredibly, traditional cyber security awareness training may actually decrease security awareness. Here’s how to ensure your security awareness campaigns increase resilience. Last year, researchers looking into the security of mobile devices inadvertently uncovered...
Why are phishing attacks successful?
Phishing attacks often seem rudimentary. With their spelling and grammar errors, blurry replicas of company logos and conspicuous twists on sender names, they should be easy to spot, shouldn’t they? So why is it, instead of dying down, phishing attacks are on the...
Stay up to date with the latest updates
Get updates
Don’t miss out! Subscribe for monthly updates from the ABC Community.
Submit your content
Submit your content for publication. Please review our publication guidelines first.
More about CybSafe
See how CybSafe can help you measure and track security behaviours to improve security controls and awareness activities.