Introducing the Research Library: the world’s first archive of research into the human aspect of cyber security

Did you know as security training frequency increases, security awareness seems to decrease? Or that messages of fear can backfire if threats never actually materialise? Or how about that people who are familiar with Facebook are in fact more likely to be scammed via Facebook? The above little-known findings all come from academic research. And each could help improve security awareness programmes. Which is why, today, we’re pleased to announce the launch of the CybSafe Research Library: a new, comprehensive and growing archive of academic research into the human aspect of cyber security....
Why it sometimes makes sense to throw cyber security out the window

And what cyber security professionals can do to make sure it never happens

When is it a good idea to commit a crime? Some say never. Some say properly adhered to laws are what allow societies to live harmoniously and prosperously. But consider something as simple as speeding. Most would likely admit that, a majority of the time, speeding is a bad idea. Certainly, if we all decided to speed all of the time, driving would become a great deal more risky. So most of the time, we adhere to speed limits. Until the expected costs and/or the expected benefits of speeding change. Deserted roads on a...
“The best way to avoid £17m fines is to stop trying to avoid £17m fines”

Advice for companies affected by the upcoming NIS Directive

On the 28th January, 2018, the UK’s National Cyber Security Centre published guidance on the upcoming Network Information Systems (NIS) Directive, which is set to come into force on the 9th May this year. The Directive is one of the most important pieces of cyber security legislation to hit the UK yet. But in recent months, it’s largely been overshadowed by GDPR. Unlike GDPR, the NIS Directive has rarely made headlines and is far less likely to have been discussed in corporate board meetings. Over the last few days, in...
Should you phish your own people?

Resident CybSafe psychologist, Tom Cross, looks into when simulated attacks are of most use to companies

More than a few articles have been circling of late suggesting simulated phishing does little to increase cyber security awareness. ‘Links are meant to be clicked on, attachments are meant to be opened,’ such articles say. ‘[Sometimes a] job consists almost entirely of opening attachments from strangers, and clicking on links in emails’ – thus there is no point in running educational phishing programmes. We understand the sentiment. But, actually, here at CybSafe, we don’t quite fully...
10 ways to get your people interested in cyber security

Get your people interested in cyber security and you become more resilient. Here’s how to go about it, starting with the potential end of the world.

Uranium centrifuges facilitate either nuclear power or nuclear weapons. They’re powerful, valuable and extremely dangerous when in the wrong hands. Stuxnet, meanwhile, is software that causes irreparable damage to Siemens motors – which are often connected to uranium centrifuges. In 2010, Stuxnet began attacking Siemens motors. Now – why is it people are largely disinterested in cyber security training? Cyber security still unexciting...
Protecting the people running on autopilot

How people can take proper precautions online without even having to think

I imagine you’ll have experienced something like this before. You’ve been tied up in a report for the last hour or two. Your concentration is waning and you need a change of pace. So you turn to your emails and delete any junk. You read through emails that require consideration and make a note to respond in due course. Then you turn your attention to one specific email from a colleague. The email links to an online article and it asks you to take a look. You’ve got some time and the article is of relevance. Given the...