Building a Culture of Security

Reading Time: 1 minuteIn this whitepaper, Adobe explain how they’ve become an established global leader in security culture, training and awareness. They offer insight into the programs and schemes they run in order to maintain a culture of security.   Read full...

Human Behaviour as an aspect of Cyber Security Assurance

Reading Time: 1 minuteThis paper considers existing research into cyber security assurance processes in an effort to identify elements of cyber security that would benefit from further research and development. It concludes the cyber security industry would benefit...

Nudging Online Security Behaviour with Warning Messages

Reading Time: 1 minuteResearchers tested the effectiveness of 9 different ways of warning users about cyber security threats. Making users aware of the steps they could take to minimise risk was effective in triggering more secure behaviour. Gain-framed messages,...

Awareness is only the first step

Reading Time: 1 minuteImproving cyber security awareness is often assumed to improve cyber security, however this paper suggests it’s necessary for people to be engaged in cyber security in order to make people a robust cyber defence. The paper builds a model...

On cyber security, technology and human behaviors

Reading Time: 1 minuteAccording to this post, it’s important to take an innovative approach when it comes to cyber security as conventional means (such as posters or one-time awareness training) do not change behavior. Further, the post suggests risk-mitigating...

The Current State of Phishing Attacks

Reading Time: 1 minuteThis article discusses phishing attacks. It introduces the anatomy of a phishing attack, considers why people fall for phishing attacks and estimates the damage of phishing attacks. The article also discusses common tecniques for preventing...

Phishing IQ Tests Measure Fear, Not Ability

Reading Time: 1 minuteWe argue that phishing IQ tests fail to measure susceptibility to phishing attacks. We conducted a study where 40 subjects were asked to answer a selection of questions from existing phishing IQ tests in which we varied the portion (from 25% to...

Decision strategies and susceptibility to phishing

Reading Time: 1 minuteThis study reports on what everday user do when they come across suspicious emails. An analysis suggests people can manage risks they’re familiar with but are unable to extrapolate their strategies to deal with unfamiliar risks.   Read...

Why phishing works

Reading Time: 1 minuteResearchers exploring why phishing continues to fool people asked 22 people to categorise 20 websites as either fraudulent or legitimate. They found 23% of participants did not look at browser-based security cues, leading to incorrect choices 40%...

Users are not the enemy

Reading Time: 1 minuteIn the late 90’s, it was largely considered users were unmotivated and lazy when it came to cyber security. This UCL research suggested, actually, users compromised security systems through lack of security knowledge and non-user centric...