Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Social phishing
Phishing is a form of social engineering in which an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy third party. Phishing attacks today typically employ generalized “lures.” For instance, a phisher...
Investigation of human weaknesses in organizational cybersecurity: A meta-analytic approach
The rapid proliferation of digital technology and the increasing reliance on digital systems have made cybersecurity a critical concern for organizations and individuals worldwide. While technical solutions have been the primary focus in addressing cybersecurity...
On-demand webinar: What (Gen)AI means for security awareness in 2024
FREE WEBINAR: What (Gen)AI means for security awareness in 2024. Unpacking the power and perils of GenAI in cybersecurity. Are you thinking about your AI strategy as it relates to security awareness? You’re not alone. Join our host CybSafe CEO, Oz Alashe MBE, and guest...
Development of a new ‘human cyber-resilience scale’
While there has been an upsurge in interest in cyber resilience in organizations, we know little about the resilience of individuals to cyber attacks. Cyber resilience in a domestic or non-work setting is important because we know that the majority of people will face...
What drives generation Z to behave security compliant? An extended analysis using the theory of planned behaviour
Cyber security remains a relevant topic for organisations. While companies invest in expensive security tools, security awareness training often is neglected, even though human error still accounts for a large part of cyber incidents (Gartner, 2022). At the same time...
Understanding digital-safety experiences of Youth in the U.S.
The seamless integration of technology into the lives of youth has raised concerns about their digital safety. While prior work has explored youth experiences with physical, sexual, and emotional threats—such as bullying and trafficking—a comprehensive and in-depth...
Bottom-up psychosocial interventions for interdependent privacy: Effectiveness based on individual and content differences
Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people's information). This...
Developing metrics to assess the effectiveness of cybersecurity awareness program
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a...
SCENE: A structured means for creating and evaluating behavioral nudges in a cyber security environment
Behavior-change interventions are common in some areas of human-computer interaction, but rare in the domain of cybersecurity. This paper introduces a structured approach to working with organisations in order to develop such behavioral interventions or ‘nudges’. This...
What your workforce wishes the cyber team knew
Being a CISO or a member of a cybersecurity team can be a thankless job. Crucial work is being done daily, often in the hope that…nothing happens! Whilst proving the value of the cybersecurity team to the board is one thing – how does the workforce think they’re...
New research shows high regard for cybersecurity teams within organizations, but visibility issues persist
Canary Wharf, London, 5th Feb 2024 - 97% of office workers across the UK and US trust their cybersecurity team’s ability to prevent or minimize damage from cyberattacks, according to new CybSafe research. The study examining attitudes towards cybersecurity teams...
The nudge puzzle: Matching nudge interventions to cybersecurity decisions
Nudging is a promising approach, in terms of influencing people to make advisable choices in a range of domains, including cybersecurity. However, the processes underlying the concept and the nudge’s effectiveness in different contexts, and in the long term, are still...
Toward sustainable behaviour change: An approach for cyber security education training and awareness
Effective information security education, training and awareness (SETA) is essential for protecting organisational information resources. Whilst most organisations invest significantly in implementing SETA programs, the number of incidents resulting from employee...
Towards an improved understanding of human factors in cybersecurity
Cybersecurity cannot be addressed by technology alone; the most intractable aspects are in fact sociotechnical. As a result, the 'human factor' has been recognised as being the weakest and most obscure link in creating safe and secure digital environments. This study...
Cyber security behaviour in organisations
This review explores the academic and policy literature in the context of everyday cyber security in organisations. In so doing, it identifies four behavioural sets that influence how people practice cyber security. These are compliance with security policy,...
Cyber security awareness campaigns: Why do they fail to change behaviour?
The present paper focuses on Cyber Security Awareness Campaigns, and aims to identify key factors regarding security which may lead them to failing to appropriately change people’s behaviour. Past and current efforts to improve information-security practices and...
Cybersecurity risk management in small and medium-sized enterprises; A systematic review of recent evidence
Small and medium-sized enterprises (SMEs) have been encouraged to take advantage of any possible business opportunities by utilizing and adopting new-technologies such as cloud computing services, there is a huge misunderstanding of their cyber threats from the...
Employees attitude towards cyber security and risky online behaviours: An empirical assessment in the United Kingdom
The present study aimed to explore if the size of company an individual works for, age or attitudes towards cyber security affected frequency to engage in risky online behaviours. A total of 515 participants aged between 18-84 in full or part-time employment were...
Rebooting IT security awareness – How organisations can encourage and sustain secure behaviours
Most organisations are using online security awareness training and simulated phishing attacks to encourage their employees to behave securely. Buying off-the-shelf training packages and making it mandatory for all employees to complete them is easy, and satisfies...
An ideal approach for detection and prevention of phishing attacks
Phishing is a treacherous attempt to embezzle personal information such as bank account details, credit card information, social security number, employment details, and online shopping account passwords and so on from internet users. Phishing, or stealing of...
Client-Side Counter Phishing Application Using Adaptive Neuro-Fuzzy Inference System
Phishing is an online scam which involves identity theft of unsuspecting users, by which an attacker steals the personal information of users, such as user ID or password. E-mails, instant messaging and web pages are used in carrying out such attacks, out of which...