Resources
Latest cyber security news, views and insights.
Meaningful Metrics for Human Cyber Risk
Most organisations fail to measure their human cyber risk. Some measure security training uptake. Some go a little further and measure suspicious link-clicks or report-rates. But very few can answer key security questions such as “How has our human cyber risk changed over time?” and “Which security interventions reduce most risk?“.
Oz Alashe Appearing on TalkRadio – The Business Breakfast with James Max
The Business Breakfast with James Max. Thursday, January 9, 2020 (05:00 - 06:30) Listen to the full episode here.
Why do some organisations use two security awareness training solutions at once?
Why do some organisations often use two or more security awareness training solutions at once? That’s a question that grabbed our attention when it popped up on social recently. The comment highlighted the following security oddity…
What we learned at SABS4CYBER 2019 – Part 2 of 2
SABS4CYBER is an annual conference that shines a spotlight on social and behavioural sciences. More specifically, SABS4CYBER puts the people using social and behavioural science to solve security challenges into the spotlight.
What we learned at SABS4CYBER 2019 – Part 1 of 2
SABS4CYBER is an annual conference that shines a spotlight on social and behavioural sciences. More specifically, SABS4CYBER puts the people using social and behavioural science to solve security challenges into the spotlight.
Measuring Cyber Security Culture
This whitepaper reveals how today’s security teams can build a secure culture. Following characteristically thorough research, lead author Dr. John Blythe explains why secure cultures are few and far between and how to build a secure culture in your organisation.
CyberTalks video – Awareness Behaviour Culture: The Human Aspects
Our people can make a difference. Oz Alashe MBE, CEO & Founder CybSafe talks to Karla Reffold about the human aspects of cyber security – Awareness Behaviour and Culture. He explains that we now have 37 years research into what it takes to change behaviour and we...
Behaviour Change whitepaper
In this whitepaper, we outline the CybSafe approach to applying behavioural science, how it’s embedded in everything we do and how our products drive behaviour change in employees.
People-centric security e-book
Is it time to reconsider traditional approaches to cyber security? For a long time now, people have largely been viewed as a cyber security “weakness”, and the viewpoint has shaped the majority of the cyber security strategies we see today.
What we learned at PeepSec 2019 – Part II
This is Part Two of a post reviewing key takeaways from PeepSec 2019. You can read Part One here. To access the free video recordings of every talk from PeepSec 2019, register here.
What we learned at PeepSec 2019 – Part I
Following its inauguration in 2018, PeepSec returned in 2019 to facilitate further discussion on the opportunities and issues born from the interactions between people and technology.
Using AI and machine learning to improve cyber defences and reduce human cyber risk
To understand how AI and machine learning can reduce cyber risk, it’s worth considering how a typical taxi journey will look in a few years time.Today, when you jump into a taxi, you’re greeted by a driver who might inquire into your preference of radio station and ask you one or two cursory questions while edging you towards your eventual destination.
Let’s punish phishing victims… er, you want to do what?!
There is a big, hairy elephant in the room when it comes to phishing: Many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before we answer that, let’s...
In the absence of a secure culture, reducing cyber risk could be impossible
To understand why it might be impossible to reduce human cyber risk without a secure culture, it’s worth considering a series of experiments from the world of behavioural science.The experiments weren’t designed to uncover security insights. Rather, they were designed to demonstrate quirks in human behaviour. Specifically, they were designed to reveal why people sometimes “cheat”.
You are almost certainly miscalculating your cyber risk
Although it might not seem like it, people’s actions following 9/11 demonstrate just how likely it is you’re miscalculating your cyber risk.Following the terrorist attacks of 9/11, people began to change their travel plans.
Some people love to take a risk. So shouldn’t we be tailoring security awareness training?
As you may already be aware, most people prefer to avoid taking risks. In fact, most people prefer to avoid taking risks so much that they fail to do so even when taking the risk makes complete and total sense.
Phishing Training: an intelligent approach
Broadly speaking, most phishing training works in more or less the same way. An automated tool sends simulated phishing and spear phishing simulations to those within your organisation. The simulations fool some, but not others. The tests reveal precisely who has been...
Some simulated attacks help reduce cyber risk. Others are redundant. What’s the difference?
Here’s an interesting conundrum for cyber security professionals.Some simulated attacks reduce human cyber risk.Others, however, have no effect on risk – and may even have a negative impact.
Oz Alashe Appearing on BBC Business Live – Inside Track
The two most common phishing scams that affect UK businesses
Phishing scams evolve constantly. Don’t they?
On the one hand, yes. Sophisticated cyber criminals are very much aware that, once a phishing scam becomes well known, its potency falls. So, over time, phishing scams adapt and evolve.
On the other hand, the the nuts and bolts of phishing scams are surprisingly static. On the whole, phishing attacks are quick, cheap and disastrously effective. Knowing this, criminals rarely tweak the inner workings of their phishing scams all that much.
How can phishing affect a business?
The consequences of phishing can be severe…
It’s widely reported, for example, that tech giants including Facebook and Google sent as much as $100m directly to criminals following a spear phishing campaign that went on for more than two years.