Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Knowledge articulation: the secret sauce in GenAI for security awareness
How knowledge articulation in GenAI supports security awareness, learning, and collaboration—and how to fully unlock its potential. GenAI models like ChatGPT, Google Gemini, and DALL-E are wowing the world with their content creation powers. Many of us don't realize...
How do professionals assess security risks in practice? An exploratory study
There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of...
Fortifying healthcare: An action research approach to developing an effective SETA program
Organizations continue to use security education training and awareness (SETA) programs to reduce the number of cybersecurity incidents related to phishing. A large healthcare organization contacted the authors to share that they continued to struggle with the...
How to keep your information secure? Toward a better understanding of users security behavior
Use of computers and the Internet is an integral part of our lives, with business becoming more digital. As a result, individuals are using their home computers to perform diverse tasks and to store sensitive data. This paper investigates the relative efficacy of two...
A systematic review of current cybersecurity training methods
Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way...
A taxonomy of SETA methods and linkage to delivery preferences
Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA...
Habit
This paper discusses three distinct concepts related to habits: the differences between habitual and non-habitual states of consciousness; a hierarchy of habits; and the development of habits which depends on repetition, attention, intensity of the experience, and the...
GenAI for security awareness: Can GenAI’s predictive analytics transform tired training?
Content creation is just one piece of the puzzle. If you’re using GenAI for security awareness content, you need the adaptive advantage… Everyone's talking about GPT (and not much else). It’s no secret. We’re at the start of a Generative AI (GenAI) revolution. GenAI...
Content analysis of persuasion principles in mobile instant message phishing
The popularity of Mobile Instant Messaging (MIM) Applications (apps) presents cybercriminals with a new venue for sending deceptive messages, known as ‘Phishing’. MIM apps often lack technical safeguards to shield users from these messages. The first step towards...
Encouraging organisational information security incident reporting
21st-century organisations can only learn how to respond effectively to, and recover from, adverse information security incidents if their employees report any incidents they notice. This should happen irrespective of whether or not they themselves triggered the...
Is the key to phishing training persistence?: Developing a novel persistent intervention
Most previous phishing interventions have employed discrete training approaches, such as brief instructions aimed at improving phishing detection. However, these discrete interventions have demonstrated limited success. The present studies focused on developing an...
Emotional cost of cyber crime and cybersecurity protection motivation behaviour: A systematic literature review
The impact of a cyberattack on an organisation is multifaceted; at the employee level, cyber threat is a sensitive issue which needs further understanding. Founded in psychology research, emotions affect protection motivation behaviours at the individual level in the...
Cyber resilient behavior: integrating human behavioral models and resilience engineering capabilities into cyber security
Cybercrime is on the rise. With the ongoing digitization of our society, it is expected that, sooner or later, all organizations have to deal with cyberattacks; hence organizations need to be more cyber resilient. This paper presents a novel framework of cyber...
Investigating cyber security awareness among preservice teachers during the COVID-19 pandemic
South African institutions of higher education suffered serious disruptions during the COVID-19 pandemic, which resulted in migrating most teaching and learning activities to various online platforms, of which many depended on the open web. This has the potential to...
GenAI for security awareness: What most people miss
Content creation is just one piece of the puzzle. If you’re using GenAI for security awareness content, you need the adaptive advantage… GenAI is a major force that’s transforming security awareness and human risk management. 93% of organizations are using, planning...
“Employees who don’t accept the time security takes are not aware enough”: The CISO view of human-centred security
In larger organisations, the security controls and policies that protect employees are typically managed by a Chief Information Security Officer (CISO). In research, industry, and policy, there are increasing efforts to relate principles of human behaviour...
Perfecting your phish simulations — The 85% sweet spot for optimal learning
I don’t normally choose Phishing as a research topic because I think the literature is saturated with insights. However, I see that many companies struggle with a few important details when it comes to Phishing simulations: What is the optimal Phishing simulation...
From compliance to impact: Tracing the transformation of an organizational security awareness Program
There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance − measured by training completion rates − to those resulting in behavior change. However, few prior studies have begun to unpack the...
Characterizing and measuring maliciousness for cybersecurity risk assessment
Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing...
Nothing ventured, nothing gained. Profiles of online activity, cyber-crime exposure, and security measures of end-users in European Union
We use large-scale survey data from the Eurobarometer 77.2/2012 to explore variability in online activity, cyber-crime exposure, and security measures of end-users in European Union (EU27). While cyber-security is a high-priority activity for security experts and...
(Gen)AI and the human aspect of cybersecurity
WHITEPAPER: The buzz around generative artificial intelligence (GenAI) is deafening. And it’s getting louder by the minute. Promises of innovation abound. So do questions about reach and implications. As ChatGPT and Dall-E...