Resources
Latest cyber security news, views and insights.
How to strengthen your cybersecurity with user research
User research: How to conduct it, and wield its powers for good What makes a good movie? I’d argue that it’s characters with good backstories. There’s nothing more satisfying to me than seeing how a character’s past experiences shape their worldview. Than...
Security awareness is dead: 4 things holding your organization back
Is security awareness haunting your organization? Boo! No, that’s not the sound of the ghost of security awareness (which is dead, by the way). It’s the sound of us booing it—or, at least, booing the organizations that still put it on a pedestal. Security awareness...
How to make data backups a regular part of everyone’s day
Back to security basics: Let’s back things up a little Last time we explored how the simple lock screen keeps data out of the wrong hands. This time, we’re looking at a form of protection that always pays off: backups.Data loss is a very real danger, and it’s a major...
Behave: A human risk podcast by CybSafe
Behave: A human risk podcast by CybSafeEXPLORE CHANNELS The threat landscape is constantly changing. But security behaviors aren't. That’s because awareness alone isn’t enough to lower human cyber risk. It never has been. We’ve been saying it for a long time....
Achievement unlocked: How behavioral science transforms device security
Why this security no-brainer gets pushback, and what you can do about it Last time we looked at why dirty password habits are so persistent. This time we’re taking stock of locks—or a lack thereof. Be it PIN, pattern, or biometrics, a lock screen is a cybersecurity...
Free webinar: Security awareness in 2023
FREE WEBINAR CybSafe's 2023 security awareness predictions An expert-led analysis of cybersecurity threats and trends. Thursday 8th December 15:00 GMT Another year, another series of year-end round-ups and predictions from industry voices. The truth is, what...
Why people are so attached to their dirty password habits
Last week, we talked about traditional security awareness and training, and why it doesn’t work. This time around, it’s all about passwords.On the whole, people have some questionable password habits which would make any security professional break out in a cold...
Survey says: RIP traditional security awareness and training
Last time, we looked at how (fiendishly simple) virtual private networks (VPNs) thwart cyberthreats.Today, we’re talking about the human risk management OG: security awareness and training (SA&T). But this isn’t about your regular 20-year-old syllabus. No, no ......
Stealing your company’s data is a piece of cake
Would you like some data theft with your coffee? Last time, we explored auto-updates and why your people aren’t getting around to enabling them. This week’s topic is one that's just as easily overlooked.It goes like this. Your new marketing guy, Dave, is waiting for a...
We need to stop referring to humans as security “assets”
We were wrong. Humans are NOT “security assets”.First, the industry referred to people as the “weakest link” in cybersecurity. Because you know how those pesky things click on every link they’re sent. Then they became the “strongest asset” because the industry...
Security awareness is dead (or dying)
Security awareness is dead (or dying)The slow death of security awareness is happeningOver 90% of cyber security incidents are linked to people. So why are organizations only paying lip service to human cyber risk? Why are tick-box training and phishing simulations...
Your cyber security goals are worthless. There, we said it
Here’s the thing. Your cybersecurity goals are very noble. You know the risks you want to avoid, and that’s great. Except it could all count for nothing. If you’re a security awareness professional, don’t quit your job just yet. We want to get you on your way to...
On Demand Webinar: Using SebDB to reduce key business risks
FREE WEBINAR How to use SebDB to reduce your human risk A conversation with Dr. Jason NurseHow many security behaviors are you targeting? And which risks have you linked them to? Most security professionals set broad goals like “reduce malware infections”. But they...
Why are your people still snoozing updates?
Enabling auto-updates is more complicated than you think Last week, our CEO recommended a few ways to influence long-term security behaviors. This week, we’re jumping into auto-updates. “Change is the only constant.” That’s certainly true as far as IT is concerned....
10 ways to influence long-term security behaviors
Just because your security awareness training is ‘engaging’ doesn’t mean it works Creative, funny, and wildly engaging security awareness training doesn’t lead to lasting behavior change. What it does is make people say, “I really enjoyed your training and...
Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2022
How much does attitude impact behaviour — and increase cyber security risk? To answer that question and more, CybSafe and the National Cybersecurity Alliance have partnered to produce the (first of its kind) Oh Behave! The Annual Cybersecurity Attitudes and Behaviors...
A lesson on security behaviors
It’s time you learnt your lesson about security behaviors Assign all the traditional security awareness training you want. Your people will probably attend every session and tick all the right boxes, but their security behaviors won’t change. But that doesn’t mean...
On Demand Webinar: Influencing specific security behaviors: Real-world examples
FREE WEBINAR Influencing specific security behaviors: Real-world examples How the CybSafe platform can help you influence (and change) specific security behaviorsHow long have you been relying on traditional security awareness training to lower your human risk?...
It’s time to stop exposing yourself online
In last week’s Behave Series blog, we explored phishing simulations, and how to put them to work in your organization.This week, we’re staging an intervention. Because you've just got to stop revealing so much of yourself to Internet strangers. Oh, and, we’re talking...
A new approach to simulated phishing
A new approach to simulated phishingHow to run simulated phishing campaigns (the right way) and reduce your human cyber riskAnyone can be phished. Anyone. All it takes is the right email, sent at the right time, in the right situation. Yeah, that’s a lot of ‘rights’...
Goodbye, security awareness training!
It’s time to pull the plug on traditional security awareness training We know it’s hard to let go. But this is getting out of hand. Traditional security awareness training has been on its deathbed for so long now that our eyes water whenever we get a whiff of...