WFE Staff Behavior and Culture Best Practice Guidelines

Reading Time: 1 minuteA set of best practice guidelines published by the WFE designed to encourage a culture of cyber security compliance, including ideas on behavioural incentives, cultural incentives and operational support.   Read full paper    ...

Deep Thought: A Cybersecurity Story

Reading Time: 1 minuteideas42 aims to help solve difficult social problems using insights from behavioural science. In this instance, the problem in question is the human aspect of cyber security. The paper applies psychology and behavioural science principles to...

The Human Factor in Cybercrime and Cybersecurity

Reading Time: 1 minuteA Research Agenda publication aiming to stimulate research on the human factor in cyber crime and cyber security. This book offers examples of unanswered research questions and methods and datasets that could be used for future studies.  ...

Awareness is only the first step

Reading Time: 1 minuteImproving cyber security awareness is often assumed to improve cyber security, however this paper suggests it’s necessary for people to be engaged in cyber security in order to make people a robust cyber defence. The paper builds a model...

On cyber security, technology and human behaviors

Reading Time: 1 minuteAccording to this post, it’s important to take an innovative approach when it comes to cyber security as conventional means (such as posters or one-time awareness training) do not change behavior. Further, the post suggests risk-mitigating...

Cyber security: a failure of Imagination by CEOs

Reading Time: 1 minuteThis paper discusses the involvement of CEOs in cyber security. Backed up by strong research, it explores the current state of CEO involvement, addresses some of the challenges involved in CEO involvement and offers four golden rules of cyber...

Predicting Privacy and Security Attitudes

Reading Time: 1 minuteWhile individual differences in decision-making have been examined within the social sciences for several decades, this research has only recently begun to be applied by computer scientists to examine privacy and security attitudes (and...

An Extended Perspective on Individual Security Behaviors

Reading Time: 1 minuteSecurity threats regularly affect users of home computers. As such, it is important to understand the practices of users for protecting their computers and networks, and to identify determinants of these practices. Several recent studies utilize...

Scam Compliance and the Psychology of Persuasion

Reading Time: 1 minuteThis paper finds four reliable factors contribute to susceptibility to persuasion: influence of authority, social influence, self-control and the need for consistency. The paper finds all four inform susceptibility to scam compliance.   Read...

A Study of Social Engineering in Online Frauds

Reading Time: 1 minuteResearchers analyse 200 scam emails in search of patterns, and find alert and account verification, urgency, potential monetary gain, business proposals and mentions of large, unclaimed funds are repeatedly used in scam emails.   Read full...

On The Security of Password Manager Database Formats

Reading Time: 1 minuteFindings from this paper show that most password managers are easily broken and use storage formats that are easily accessible, even to weak adversaries. The work does, however, show that it is possible to theoretically construct a format that is...

The psychology of security for the home computer user

Reading Time: 1 minuteThe home computer user is often said to be the weakest link in computer security. They do not always follow security advice, and they take actions, as in phishing, that compromise themselves. In general, we do not understand why users do not...

European Online Grooming Project: Final Report

Reading Time: 1 minuteA report on the findings of an ambitious project aiming to understand the behaviours involved in online grooming across Europe. The report concludes groomers’ behaviours vary wildly and that, by facilitating anonymity, technology helps...