Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Passive and active training approaches for critical infrastructure protection
In order to strengthen Critical Infrastructure's protection and resilience, it is central to invest in training and simulations, to spread a security culture and develop the awareness among all personnel involved in the Critical Infrastructure security. Nowadays,...
COVID-19 and phishing: Effects of human emotions, behavior, and demographics on the success of phishing attempts during the pandemic
Phishing is an online scam where criminals trick users with various strategies, with the goal of obtaining sensitive information or compromising accounts, systems, and/or other personal or organisational Information Technology resources. Multiple studies have shown...
Week in review: ProxyShell and Realtek SDK vulnerabilities exploitation, automated pentesting
Help Net Security
Locked the car, why not the computer: A qualitative and quantitative study on data safety compliance
Information technology has become an integral part of healthcare within the United Kingdom's National Health Service (NHS). All healthcare professionals are required to possess a certain level of computer knowledge and adhere to cyber ethics standards, which are...
22% of cybersecurity incidents in H1 2021 were ransomware attacks
Help Net Security
Hackers targeting vulnerable UK government and police servers
Information Age
Half of MS Exchange servers at risk in ProxyShell debacle
Computer Weekly
Hackers target Microsoft email sever vulnerabilities
Security Brief NZ
Ransomware attacks doubled in frequency during pandemic
ITProPortal
Ransomware attacks on UK organisations have doubled in the first half of 2021
Computing
Ransomware attacks are now the second most commonly reported security incident
BetaNews
Examining factors impacting the effectiveness of anti-phishing trainings
Approximately 65% of the organizations in the United States have fallen victim to a successful phishing attack. Many organizations offer anti-phishing training to their employees to defend against phishing attacks. The purpose of this study is to examine factors...
People ignore design that ignores people
Cyber attacks are mostly caused by liabilities created due to the human error and social engineering. Therefore, it is of importance for organisations to find a way to manage security in an effective manner, by taking into account the interactions between the social...
A novel SETA-based gamification framework to raise cyber security awareness
This paper aims to improve the employees’ cyber security awareness by developing an interactive video game, a cyber shield game, that includes various embedded threat scenarios. The proposed game consists of four levels. The password complexity level educates players...
BLACK TECH FEST REAFFIRMS COMPANIES COMMITMENT TO BRITISH BLACK COMMUNITY
StartUps Magazine
Response to a phishing attack: persuasion and protection motivation in an organizational context
This study aims to examine the effect of cybersecurity threat and efficacy upon click-through, response to a phishing attack: persuasion and protection motivation in an organizational context. In a simulated field trial conducted in a financial institute, via PhishMe,...
Essential awareness of social engineering attacks for digital security
This study is an attempt to check the level of awareness of social engineering attacks among professionals who are working online. A survey of employees, who are working in Delhi NCR in different organizations and industries, was conducted. The results of the survey...
Pause for a cyber security cause: Assessing the influence of a waiting period on user habituation in mitigation of phishing attacks
This study designed, developed, and empirically tested a Pause and Think (PAT) mobile app that presented a user with a warning dialog and either a countdown or count-up timer whenever an email with a link was opened. The user was not able to interact with the email...
CatBERT: Context-aware tiny BERT for detecting targeted social engineering emails
Targeted phishing emails are a major cyber threat on the Internet today and are insufficiently addressed by current defences. In this paper, we leverage industrial-scale datasets from Sophos cloud email security service, which defends tens of millions of customer...
A survey study evaluating Internet users’ proneness to fall prey to social engineering attacks
This research evaluated the Internet users' proneness to fall prey to five most common types of social engineering attacks which are domain spoofing, email spoofing, search engine phishing, SMS phishing, and social media phishing. 350 volunteer participants...
Social research methods in cyber security: From criminology to industrial cyber security
The application of social research methods in cyber security requires a multidisciplinary combination since the security of technologies and communication networks is made up of a set of uses, techniques, and results directly conditioned by the parameters of...