Articles

The latest articles from ThinkCyber

Reimagining Security Awareness – What practitioners want

Ask a security practitioner what they want from a security awareness programme, and the immediate response you receive will sometimes be “to tick a compliance box”, sometimes “to reduce security risk” and sometimes “to achieve compliance and reduce risk, of course”....

read more

Reimagining Security Awareness – Do dos

In part two of this series of blogs reporting on our research project to “Reimagine Security Awareness” we feedback on what users told us would make them engage with security awareness training. Whereas part 1 covered the “do nots”, part 2 covers the “do dos”. We can...

read more

Reimagining Security Awareness – Ask the user

Mention the phrase “mandatory training” to almost any employee and they will likely roll their eyes in despair. But security awareness must be part of the cyber defence strategy in any organisation. Truly engaging your employees is a critical element of this strategy....

read more

Return on Awareness

Security awareness is, and will remain, a critical part of any security programme. But are companies making the wisest investment of time and money in this area? Legal and professional services firms could be losing thousands of pounds in billable revenue...

read more

As easy as M.A.P.

The Security Awareness market has existed in a recognisable form for about ten years now. Until very recently, however, solutions in the market have focussed almost exclusively on “training” users rather than actually changing their behaviour. Perhaps it’s because of...

read more

It’ll never happen to me…

We conducted a post phishing-test survey with a client and found that people held some intriguing perceptions… Phishing test-and-train solutions have their limitations, and they should definitely not be viewed as the only option available for providing guidance on...

read more

Email Security Own Goals!

With the football World Cup currently underway in Russia, and inevitable news that email fraudsters are seeking to take advantage of the event, it seems an apt time for a blog on email security. Although our topic of interest (email authentication) is a little less...

read more

Simulated phishing: the speed cameras of security awareness

Over the last few years, phishing test and train solutions have become an increasingly common part of the security awareness toolkit. Of late, however, influential voices in academia and at the UK National Cyber Security Centre (NCSC) have started to raise some...

read more

Security awareness: how much is enough?

We know that security awareness training for all is an essential part of our organisational resilience to the growing risk from, and impact of, cyber-attacks. However, we see common and typical weaknesses in learning programmes: 1.    Overestimating the extent to...

read more

Can we motivate people to protect themselves?

Standard economic theory used to hold sway in its suggestion that we make decisions in a purely rational, selfish, way. It is now well established, however, that the reality is somewhat more complicated than that. The field of Behavioural Economics provides multiple...

read more

Sign up for more information