Phishing scams evolve constantly. Don’t they?
On the one hand, yes. Sophisticated cyber criminals are very much aware that, once a phishing scam becomes well known, its potency falls. So, over time, phishing scams adapt and evolve.
On the other hand, the the nuts and bolts of phishing scams are surprisingly static. On the whole, phishing attacks are quick, cheap and disastrously effective. Knowing this, criminals rarely tweak the inner workings of their phishing scams all that much.read more
The consequences of phishing can be severe…
It’s widely reported, for example, that tech giants including Facebook and Google sent as much as $100m directly to criminals following a spear phishing campaign that went on for more than two years.read more
In 2017, an email prankster targeted the White House.
The prankster’s goal was simple: to trick White House staff into responding to fraudulent emails for nothing more than a cheap thrill. With little to gain from the endeavour, the prankster’s efforts were basic.
The trickster wrote a simple email purporting to be from Donald Trump’s son-in-law, Jared Kushner. He sent it off to Tom Bossert (at the time Homeland Security Advisor). And he waited to see if the security advisor would respond.read more
As phishing filters are far from perfect, can phishing ever really be prevented?
Today, with phishing attacks on the rise and the cyber threat landscape constantly evolving, most companies employ some form of technological phishing filter to help prevent phishing.
Such filters typically rely on machine learning to check and categorise incoming emails and, after doing, prevent suspicious emails from making it into corporate inboxes.read more
You’ve received an email. As no phishing filter can keep out 100% of all phishing attacks, there’s a chance the email could be malicious – no matter what it looks like. How do you check whether or not the email is a phishing attack? Step 1: Is the email...read more
Incredibly, traditional cyber security awareness training may actually decrease security awareness. Here’s how to ensure your security awareness campaigns increase resilience. Last year, researchers looking into the security of mobile devices inadvertently uncovered...read more
Phishing attacks often seem rudimentary. With their spelling and grammar errors, blurry replicas of company logos and conspicuous twists on sender names, they should be easy to spot, shouldn’t they? So why is it, instead of dying down, phishing attacks are on the...read more
People are more likely to be a victim of identity theft than any other type of cybercrime… and phishing can be a precursor In order to steal your identity, criminals need to get hold of your personal information. That’s all it really takes to begin opening bank...read more
In 2018, some reports suggest the number of phishing attacks are falling. Is that really the case? Phishing attacks have been on the rise for a long time now. According to the UK government’s most recent cyber security breaches survey, they cause more data breaches...read more
To demonstrate why security awareness training so often fails, it’s worth conducting a quick thought experiment. Imagine you’re a smoker and, one day, you find out you’re genetically susceptible to lung cancer. Thanks to your genes, you’re two-three times more likely...read more
Online security awareness training is now the most popular form of security awareness training in the world. As we noted here, that’s good news when it comes to measuring the effectiveness of security awareness training. Offline, things aren’t so easy to track....read more
The scope of cyber security awareness training continues to increase. While the below list of topics to include in awareness training is far from exhaustive, each should be a foundational pillar of security awareness campaigns. Building campaigns around the below can...read more
Infographic: The 4 different types of security awareness trainingread more
Generally speaking, traditional security awareness training is delivered in one of four ways: 1. Classroom-based training 2. Visual aids (including video) 3. Through simulated attacks 4. Computer-based training Resource challenges and environmental contexts often...read more
Infographic showing 7 reasons why security awareness training is important.read more
In 2018 data breaches cost UK organisations an average of £6.4 million.
Human error, meanwhile, accounted for anywhere between 60% and 90% of those breaches.
Those facts alone are usually enough to convince people security awareness training is important.
At the time of writing, Google tells us security awareness training is “a formal process for educating employees about computer security.”You can bet it’s a prevalent definition: the search engine sifts through every indexed web page ever written on the topic to return the single, succinct and simple sentence.read more
It’s an unfortunate fact, evident to both those who work in security and those who don’t, that security awareness training in its current form isn’t working.read more
CybSafe’s many technological innovations often intrigue audiences during demonstrations – and elicit questions that aren’t necessarily run-of-the-mill.read more
Wow. We’re super pumped about life right now. This is because following an investment of £3.5m in Series A funding, our award-winning cyber security awareness platform is poised to explore new territory and continue breaking boundaries.read more
Have you ever wondered whether your reduced phishing susceptibility rate is really telling the full story? Or wondered why it may be low one week but spike the next?read more
Let’s talk domains. Not web domains, but domains in life. Areas, specialisms, disciplines – call them what you want. Domain dependence is indeed pervasive. And it could be why so many people struggle to take cyber security as seriously as they should.read more
Whether through simulated attacks or otherwise, psychological research suggests awareness campaigns that connect with people on an emotional level will do far more good than those that don’t.read more
Today, creating and distributing viruses has become a highly lucrative, full-time and highly illegal occupation within the industry now referred to as cybercrime. It’s an industry that cost UK businesses a total of £29 billion in 2016 and one that targeted 73% of the top 100 law firms in 2016. And yet, over the past 50 years, surprisingly little has changed.read more
The human preference for consistency could boost security – but in practice it often does the exact oppositeread more
PeepSec, the world’s first free, online summit on the people, culture and social aspects of cyber security, took place during London Tech Week between Monday the 11th and Friday 15th of June. Here’s what you missed on days four and five…read more
22 expert speakers offered actionable and practical advice on the most pressing issues facing the security industry today. For those who couldn’t make it, here’s what you missed on the first three days. You can now get immediate access to all 22 PeepSec talks by simply registering for free here.read more
The definition of the human aspect of cyber security is changing. Here’s what it means in a traditional sense, as well as what it will mean in the future.read more
The world’s first 100% free, 100% virtual summit focused on the people, culture and social aspects of cyber security will take place during London Tech Week 2018read more
Do you know why your phone needs updating? Do you know how a ‘VPN’ could help keep your personal data safe? And how much do you think it costs to buy access to a webcam? Take the quiz now and you’ll soon find out whether you’re right.read more
Introducing the Research Library: the world’s first archive of research into the human aspect of cyber security
The Research Library is a vault summarising and linking to, at present, 148 (although that number is growing) research papers, models, frameworks and resources on the human aspect of cyber security.read more
The Nobel Prize winning economist Gary Becker was first to introduce the idea of crime being rational, under the broader economic theory of rational choice. When it came to making decisions, Becker thought, people made choices based on the expected costs and expected benefits of each available course of action.read more
Advice for companies affected by the upcoming NIS Directive On the 28th January, 2018, the UK’s National Cyber Security Centre published guidance on the upcoming Network Information Systems (NIS) Directive, which is set to come into force on the 9th May this...read more
Resident CybSafe psychologist, Tom Cross, looks into when simulated attacks are of most use to companiesread more
Get your people interested in cyber security and you become more resilient. Here’s how to go about it, starting with the potential end of the world.read more
Although we rarely consider it, ultimately, every email we receive comes with a certain amount of risk. The same goes for every phone call we answer. And every new programme we download.read more
With new laws, new threats and data breach cover-ups, 2017 was another big year for cyber security. Here are the stories everyone was talking about.read more
A 2017 survey revealed 52% of organisations’ cyber security budgets are increasing, with 23% of the increases dedicated to training.read more
How the ‘cocktail party effect’ leaves us vulnerable to attack – and what the cyber security industry might be able to do about itread more
Leading business technology publication Computing hands CybSafe sought-after Security Excellence Award We’re delighted to announce CybSafe has been named Security Training Provider of the Year at Computing’s Security Excellence Awards 2017. The Security Excellence...read more
Black Friday and Cyber Monday are notoriously conducive to cyber scams. In this article, CybSafe founder Oz Alashe offers five tips on staying safe during the annual salesread more
Why we’re so comfortable handing out personal details online – and how we may be able to reverse the trend On a mild July evening in 2010, Leo Hickman set out to meet a woman named Louise. At the time Louise, a 30-something recruitment consultant with straight, auburn...read more
How much do you really know about cyber crime? The ‘overconfidence effect’ means experts usually suffer from false-confidence. Do you really know cyber security inside out? Take this quiz to find out.read more
Our attitudes to loss make us vulnerable online. Here’s how we can nullify the risks – starting with a question. Which of these two generous offers would you rather take up? The first is £1000 in cash with no strings attached. The second is the chance to win £2000 – but only if a coin toss lands on heads.read more
Infographic showing how you can install spyware into your system while communicating with scammers.read more
Infographic showing how dated operating systems can allow hackers to access vulnerable devices.read more
Infographic showing how malware can infect your system and what to look out forread more
In 2015, the healthcare sector experienced more cyber security incidents than any other industry. Over 100 million healthcare records were reportedly compromised in a period commentators have since labeled “the year of the healthcare breach”.read more
In the last financial year, attacks on UK law firms increased by 20%. This explains why, on joining his current legal practice, Information Security Analyst Vihaan Amin was tasked with decreasing breaches and improving his new employer’s resilience.read more
Initially, Greenwood was searching for a cost-effective solution that would introduce his people to the advancing threats posed by cyber criminals. After consideration, he decided CybSafe fit the bill.read more
The financial sector has long been a target for cyber criminals. Which is precisely why Adam Davies, Chief Information Security Officer of a renowned UK high street bank, is constantly looking for new ways to keep customer data secure.read more
Large enterprises beginning to question SME cyber security, Inaugural CybSafe Supplier Cyber Security Study finds
1 in 3 SMEs say they needed cyber security precautions to win new contracts in the last year alone. As part of our Inaugural CybSafe Supplier Cyber Security Study, we looked into the cyber defences enterprise customers are now demanding of SME suppliers.read more
Your people are often cited as one of the greatest cyber security risks your company faces. By changing their behaviour, CybSafe turns them into a resilient line of defence For cyber criminals, it must seem so easy. Step 1: Gather personal information Step 2: Send a...read more
How can cyber security professionals use psychology to help people prioritise cyber security in the workplace?read more
To truly increase cyber resilience, cyber security training is going to need to focus on changing human behaviourread more
Following a series high-profile cyber attacks, most cyber security professionals predict the future will be bleak. Our CEO, Oz Alashe, meanwhile, has other ideasread more
The vast majority of today’s cyber criminals choose to exploit human vulnerability. By properly addressing the human side of cyber security, your people can become your greatest defence.read more
By tapping into human psychology, we can take a fundamental leap towards increasing people’s awareness of pretty much anything – cyber security included.read more
Cybercrime and cybercrime success are both on the up. To stand any chance of meaningfully reducing cybercrime, we need to call on an underused resource.read more
Armed with intelligence on how they might be attacked, businesses can take steps to mitigate risks, safeguard reputations and minimise financial losses.read more
Technology will be vital. As will collaboration between the public and private sectors. But to truly beat cyber crime, we’re going to need to check every single box…read more
When it comes to the human aspect of cyber security, the optimism bias can cause problems. Here’s what we can do about it.read more
GDPR isn’t a money making tool. The new fines should not be a business’s primary concern. What businesses should be focusing on is increasing resilience to minimise breaches.read more
Following WannaCry, how can businesses ensure they’re unaffected by the cyber attacks of the future? By calling on a readily available, underutilised resource.read more
Cyber security terminology is cryptic and confusing. But does cyber security jargon in fact help criminals attack?read more
While causes of cyber attacks vary, some are remarkably widespread. These 3 easily-preventable causes show how easy some criminals have it.read more
Stay up to date
Sign up to our newsletter for the latest cyber security news, views and insights.