Articles

The latest articles from ThinkCyber
Taking it to the people

There is no doubt that face-to-face security awareness activities are a valuable part of the practitioner’s toolkit. But, given current events, we need to think differently. In this article we explore why face-to-face sessions can be so effective. And look at how we...

Is security everybody’s responsibility?

The statement “security is everybody’s responsibility” is a common refrain. And it is an ideal end-state culture for many organisations. Certainly from the perspective of the IT Security team – they provide the tools and controls, but everyone does their bit in...

Failure might not be the teachable moment we think it is…

It’s a commonly held belief that we learn from failure. But recent research has found the opposite: failure undermines learning. The results of this research raise questions about “phish-test-train” strategies to increase staff understanding of phishing attacks. The...

Still chasing users to do their awareness training?

One organisation recorded just a 17% completion rate following their initial email asking people to do mandatory security awareness training… …it’s little wonder some businesses end up with a cottage industry of line managers, HR and infosec staff chasing people to...

Reimagining Security Awareness – What practitioners want

Ask a security practitioner what they want from a security awareness programme, and the immediate response you receive will sometimes be “to tick a compliance box”, sometimes “to reduce security risk” and sometimes “to achieve compliance and reduce risk, of course”....

Reimagining Security Awareness – Do dos

In part two of this series of blogs reporting on our research project to “Reimagine Security Awareness” we feed back on what users told us would make them engage with security awareness training. Whereas part 1 covered the “do nots”, part 2 covers the “do dos”. We can...

Reimagining Security Awareness – Ask the user

Mention the phrase “mandatory training” to almost any employee and they will likely roll their eyes in despair. But security awareness must be part of the cyber defence strategy in any organisation. Truly engaging your employees is a critical element of this strategy....

Return on Awareness

Security awareness is, and will remain, a critical part of any security programme. But are companies making the wisest investment of time and money in this area? Legal and professional services firms could be losing thousands of pounds in billable revenue...

As easy as M.A.P.

The Security Awareness market has existed in a recognisable form for about ten years now. Until very recently, however, solutions in the market have focussed almost exclusively on “training” users rather than actually changing their behaviour. Perhaps it’s because of...

It’ll never happen to me…

We conducted a post phishing-test survey with a client and found that people held some intriguing perceptions… Phishing test-and-train solutions have their limitations, and they should definitely not be viewed as the only option available for providing guidance on...
