Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Repeat clicking: A lack of awareness is not the problem
Although phishing is the most common social engineering tactic employed by cyber criminals, not everyone is equally susceptible. An important finding emerging across several research studies on phishing is that a subset of employees is especially susceptible to social...
“Repeat Offenders” in cyber security – Black hat Europe executive summit 2021 keynote
What is the problem with so-called “repeat offenders” We can answer that question in two ways. The easy way, and the right way. Let’s start with the simple answer. Many people would say that the problem with “repeat offenders” is repeat incidents, or at least repeat...
The enduring mystery of the repeat Clickers
Individuals within an organization who repeatedly fall victim to phishing emails, referred to as Repeat Clickers, present a significant security risk to the organizations within which they operate. The causal factors for Repeat Clicking are poorly understood. This...
How to deal with individuals who repeatedly fail phishing simulations
In most companies, a small percentage of employees repeatedly fail phishing simulations. These “repeat responders” should be addressed through frequent phishing exercises to build muscle memory in identifying a phish. The cybersecurity team should work to identify...
Phishing for long tails: Examining organizational repeat clickers and protective stewards
Organizational cybersecurity efforts depend largely on the employees who reside within organizational walls. These individuals are central to the effectiveness of organizational actions to protect sensitive assets, and research has shown that they can be detrimental...
The new SEC cybersecurity rules: What’s happened so far, how it’s changing security awareness, and what it means for you
Security awareness compliance is transforming. Are you ready? The SEC's cyber disclosure rules are a sea change for public companies. Part of a growing global trend, the rules are a major step forward in enhancing transparency and investor protection in the face of...
Research on the effectiveness of cyber security awareness in ICS risk assessment frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social engineering attacks. This research aimed to determine the effect of cyber security awareness on the emergency response to cyber security incidents in the...
Social phishing
Phishing is a form of social engineering in which an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy third party. Phishing attacks today typically employ generalized “lures.” For instance, a phisher...
Investigation of human weaknesses in organizational cybersecurity: A meta-analytic approach
The rapid proliferation of digital technology and the increasing reliance on digital systems have made cybersecurity a critical concern for organizations and individuals worldwide. While technical solutions have been the primary focus in addressing cybersecurity...
On demand webinar: What (Gen)AI means for security awareness in 2024
ON DEMAND WEBINARWhat (Gen)AI means for security awareness in 2024Unpacking the power and perils of GenAI in cybersecurityAre you thinking about your AI strategy as it relates to security awareness? You’re not alone. Join our host CybSafe CEO, Oz Alashe MBE, and guest...
Development of a new ‘human cyber-resilience scale’
While there has been an upsurge in interest in cyber resilience in organizations, we know little about the resilience of individuals to cyber attacks. Cyber resilience in a domestic or non-work setting is important because we know that the majority of people will face...
What drives generation Z to behave security compliant? An extended analysis using the theory of planned behaviour
Cyber security remains a relevant topic for organisations. While companies invest in expensive security tools security awareness training often is neglected, even though human error still accounts for a large part of cyber incidents (Gartner, 2022). At the same time...
Understanding digital-safety experiences of Youth in the U.S.
The seamless integration of technology into the lives of youth has raised concerns about their digital safety. While prior work has explored youth experiences with physical, sexual, and emotional threats—such as bullying and trafficking—a comprehensive and in-depth...
Bottom-up psychosocial interventions for interdependent privacy: Effectiveness based on individual and content differences
Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people's information). This...
Developing metrics to assess the effectiveness of cybersecurity awareness program
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a...
SCENE: A structured means for creating and evaluating behavioral nudges in a cyber security environment
Behavior-change interventions are common in some areas of human-computer interaction, but rare in the domain of cybersecurity. This paper introduces a structured approach to working with organisations in order to develop such behavioral interventions or ‘nudges’. This...
What your workforce wishes the cyber team knew
Being a CISO or a member of a cybersecurity team can be a thankless job. Crucial work is being done daily, often in the hope that…nothing happens! Whilst proving the value of the cybersecurity team to the board is one thing – how does the workforce think they’re...
New research shows high regard for cybersecurity teams within organizations, but visibility issues persist
Canary Wharf, London, 5th Feb 2024- 97% of office workers across the UK and US trust their cybersecurity team’s ability to prevent or minimize damage from cyberattacks, according to new CybSafe research. The study examining attitudes towards cybersecurity teams...
The nudge puzzle: Matching nudge interventions to cybersecurity decisions
Nudging is a promising approach, in terms of influencing people to make advisable choices in a range of domains, including cybersecurity. However, the processes underlying the concept and the nudge’s effectiveness in different contexts, and in the long term, are still...
Toward sustainable behaviour change: An approach for cyber security education training and awareness
Effective information security education, training and awareness (SETA) is essential for protecting organisational information resources. Whilst most organisations invest significantly in implementing SETA programs, the number of incidents resulting from employee...
Towards an improved understanding of human factors in cybersecurity
Cybersecurity cannot be addressed by technology alone; the most intractable aspects are in fact sociotechnical. As a result, the 'human factor' has been recognised as being the weakest and most obscure link in creating safe and secure digital environments. This study...