Articles

Ask a security practitioner what they want from a security awareness programme, and the immediate response you receive will sometimes be “to tick a compliance box”, sometimes “to reduce security risk” and sometimes “to achieve compliance and reduce risk, of course”....

In part two of this series of blogs reporting on our research project to “Reimagine Security Awareness” we feedback on what users told us would make them engage with security awareness training. Whereas part 1 covered the “do nots”, part 2 covers the “do dos”. We can...

Mention the phrase “mandatory training” to almost any employee and they will likely roll their eyes in despair. But security awareness must be part of the cyber defence strategy in any organisation. Truly engaging your employees is a critical element of this strategy....

Security awareness is, and will remain, a critical part of any security programme. But are companies making the wisest investment of time and money in this area? Legal and professional services firms could be losing thousands of pounds in billable revenue...

The Security Awareness market has existed in a recognisable form for about ten years now. Until very recently, however, solutions in the market have focussed almost exclusively on “training” users rather than actually changing their behaviour. Perhaps it’s because of...

We conducted a post phishing-test survey with a client and found that people held some intriguing perceptions… Phishing test-and-train solutions have their limitations, and they should definitely not be viewed as the only option available for providing guidance on...

With the football World Cup currently underway in Russia, and inevitable news that email fraudsters are seeking to take advantage of the event, it seems an apt time for a blog on email security. Although our topic of interest (email authentication) is a little less...

Over the last few years, phishing test and train solutions have become an increasingly common part of the security awareness toolkit. Of late, however, influential voices in academia and at the UK National Cyber Security Centre (NCSC) have started to raise some...

We know that security awareness training for all is an essential part of our organisational resilience to the growing risk from, and impact of, cyber-attacks. However, we see common and typical weaknesses in learning programmes: 1.    Overestimating the extent to...

Standard economic theory used to hold sway in its suggestion that we make decisions in a purely rational, selfish, way. It is now well established, however, that the reality is somewhat more complicated than that. The field of Behavioural Economics provides multiple...