Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Is the key to phishing training persistence?: Developing a novel persistent intervention
Most previous phishing interventions have employed discrete training approaches, such as brief instructions aimed at improving phishing detection. However, these discrete interventions have demonstrated limited success. The present studies focused on developing an...
Emotional cost of cyber crime and cybersecurity protection motivation behaviour: A systematic literature review
The impact of a cyberattack on an organisation is multifaceted, at the employee level, cyber threat is a sensitive issue which needs further understanding. Founded in psychology research, emotions affect protection motivation behaviours at the individual level in the...
Cyber resilient behavior: integrating human behavioral models and resilience engineering capabilities into cyber security
Cybercrime is on the rise. With the ongoing digitization of our society, it is expected that, sooner or later, all organizations have to deal with cyberattacks; hence organizations need to be more cyber resilient. This paper presents a novel framework of cyber...
Investigating cyber security awareness among preservice teachers during the COVID-19 pandemic
South African institutions of higher education suffered serious disruptions during the COVID-19 pandemic which, resulted in migrating most teaching and learning activities to various online platforms, of which many depended on the open web. This has the potential to...
GenAI for security awareness: What most people miss
Content creation is just one piece of the puzzle. If you’re using GenAI for security awareness content, you need the adaptive advantage… GenAI is a major force that’s transforming security awareness and human risk management. 93% of organizations are using, planning...
“Employees who don’t accept the time security takes are not aware enough”: The CISO view of human-centred security
In larger organisations, the security controls and policies that protect employees are typically managed by a Chief Information Security Officer (CISO). In research, industry, and policy, there are increasing efforts to relate principles of human behaviour...
Perfecting your phish simulations — The 85% sweet spot for optimal learning
I don’t normally choose Phishing as a research topic because I think the literature is saturated with insights. However, I see that many companies struggle with a few important details when it comes to Phishing simulations: What is the optimal Phishing simulation...
From compliance to impact: Tracing the transformation of an organizational security awareness Program
There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance − measured by training completion rates − to those resulting in behavior change. However, few prior studies have begun to unpack the...
Characterizing and measuring maliciousness for cybersecurity risk assessment
Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing...
Nothing ventured, nothing gained. Profiles of online activity, cyber-crime exposure, and security measures of end-users in European Union
We use large-scale survey data from the Eurobarometer 77.2/2012 to explore variability in online activity, cyber-crime exposure, and security measures of end-users in European Union (EU27). While cyber-security is a high-priority activity for security experts and...
(Gen)AI and the human aspect of cybersecurity
WHITEPAPER(Gen)AI and the human aspect of cybersecurityThe buzz around generative artificial intelligence (GenAI) is deafening. And it’s getting louder by the minute. Promises of innovation abound. So do questions about reach and implications. As ChatGPT and Dall-E...
Repeat clicking: A lack of awareness is not the problem
Although phishing is the most common social engineering tactic employed by cyber criminals, not everyone is equally susceptible. An important finding emerging across several research studies on phishing is that a subset of employees is especially susceptible to social...
“Repeat Offenders” in cyber security – Black hat Europe executive summit 2021 keynote
What is the problem with so-called “repeat offenders” We can answer that question in two ways. The easy way, and the right way. Let’s start with the simple answer. Many people would say that the problem with “repeat offenders” is repeat incidents, or at least repeat...
The enduring mystery of the repeat Clickers
Individuals within an organization who repeatedly fall victim to phishing emails, referred to as Repeat Clickers, present a significant security risk to the organizations within which they operate. The causal factors for Repeat Clicking are poorly understood. This...
How to deal with individuals who repeatedly fail phishing simulations
In most companies, a small percentage of employees repeatedly fail phishing simulations. These “repeat responders” should be addressed through frequent phishing exercises to build muscle memory in identifying a phish. The cybersecurity team should work to identify...
Phishing for long tails: Examining organizational repeat clickers and protective stewards
Organizational cybersecurity efforts depend largely on the employees who reside within organizational walls. These individuals are central to the effectiveness of organizational actions to protect sensitive assets, and research has shown that they can be detrimental...
The new SEC cybersecurity rules: What’s happened so far, how it’s changing security awareness, and what it means for you
Security awareness compliance is transforming. Are you ready? The SEC's cyber disclosure rules are a sea change for public companies. Part of a growing global trend, the rules are a major step forward in enhancing transparency and investor protection in the face of...
Research on the effectiveness of cyber security awareness in ICS risk assessment frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social engineering attacks. This research aimed to determine the effect of cyber security awareness on the emergency response to cyber security incidents in the...
Social phishing
Phishing is a form of social engineering in which an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy third party. Phishing attacks today typically employ generalized “lures.” For instance, a phisher...
Investigation of human weaknesses in organizational cybersecurity: A meta-analytic approach
The rapid proliferation of digital technology and the increasing reliance on digital systems have made cybersecurity a critical concern for organizations and individuals worldwide. While technical solutions have been the primary focus in addressing cybersecurity...
On demand webinar: What (Gen)AI means for security awareness in 2024
ON DEMAND WEBINARWhat (Gen)AI means for security awareness in 2024Unpacking the power and perils of GenAI in cybersecurityAre you thinking about your AI strategy as it relates to security awareness? You’re not alone. Join our host CybSafe CEO, Oz Alashe MBE, and guest...