Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Measuring the security culture in organizations: a systematic overview of existing tools
There has been an increase in research into the security culture in organizations in recent years. This growing interest has been accompanied by the development of tools to measure the level of security culture in order to identify potential threats and formulate...
A systematic review of scales for measuring information security culture
Purpose – The concept of information security culture, which recently gained increased attention, aims to comprehensively grasp socio-cultural mechanisms that have an impact on organizational security. Different measurement instruments have been developed to measure...
The human factor in phishing: collecting and analyzing user behavior when reading emails
Phishing emails are constantly increasing their sophistication, and typical countermeasures struggle at addressing them. Attackers target our cognitive vulnerabilities with a varied set of techniques, and each of us, not trained enough or simply in the wrong moment,...
Exploring the evidence for email phishing training: A scoping review
Background: Phishing emails are a pervasive threat to the security of confidential information. To mitigate this risk, a range of training measures have been developed to target the human factors involved in phishing email susceptibility. Despite the widespread use of...
Knowledge articulation: the secret sauce in GenAI for security awareness
How knowledge articulation in GenAI supports security awareness, learning, and collaboration—and how to fully unlock its potential GenAI models like ChatGPT, Google Gemini, and DALL-E are wowing the world with their content creation powers. Many of us don't realize...
How do professionals assess security risks in practice? An exploratory study
There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of...
Fortifying healthcare: An action research approach to developing an effective SETA program
Organizations continue to use security education training and awareness (SETA) programs to reduce the number of cybersecurity incidents related to phishing. A large healthcare organization contacted the authors to share that they continued to struggle with the...
How to keep your information secure? Toward a better understanding of users security behavior
Use of computers and the Internet is an integral part of our lives, with business becoming more digital. As a result, individuals are using their home computers to perform diverse tasks and to store sensitive data. This paper investigates the relative efficacy of two...
A systematic review of current cybersecurity training methods
Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way...
A taxonomy of SETA methods and linkage to delivery preferences
Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA...
Habit
This paper discusses three distinct concepts related to habits: the differences between habitual and non-habitual states of consciousness; a hierarchy of habits; and the development of habits which depends on repetition, attention, intensity of the experience, and the...
GenAI for security awareness: Can GenAI’s predictive analytics transform tired training?
Content creation is just one piece of the puzzle. If you’re using GenAI for security awareness content, you need the adaptive advantage… Everyone's talking about GPT (and not much else) It’s no secret. We’re at the start of a Generative AI (GenAI) revolution. GenAI...
Content analysis of persuasion principles in mobile instant message phishing
The popularity of Mobile Instant Messaging (MIM) Applications (apps) presents cybercriminals with a new venue for sending deceptive messages, known as ‘Phishing’. MIM apps often lack technical safeguards to shield users from these messages. The first step towards...
Encouraging organisational information security incident reporting
21st-century organisations can only learn how to respond effectively to, and recover from, adverse information security incidents if their employees report any incidents they notice. This should happen irrespective of whether or not they themselves triggered the...
Is the key to phishing training persistence?: Developing a novel persistent intervention
Most previous phishing interventions have employed discrete training approaches, such as brief instructions aimed at improving phishing detection. However, these discrete interventions have demonstrated limited success. The present studies focused on developing an...
Emotional cost of cyber crime and cybersecurity protection motivation behaviour: A systematic literature review
The impact of a cyberattack on an organisation is multifaceted, at the employee level, cyber threat is a sensitive issue which needs further understanding. Founded in psychology research, emotions affect protection motivation behaviours at the individual level in the...
Cyber resilient behavior: integrating human behavioral models and resilience engineering capabilities into cyber security
Cybercrime is on the rise. With the ongoing digitization of our society, it is expected that, sooner or later, all organizations have to deal with cyberattacks; hence organizations need to be more cyber resilient. This paper presents a novel framework of cyber...
Investigating cyber security awareness among preservice teachers during the COVID-19 pandemic
South African institutions of higher education suffered serious disruptions during the COVID-19 pandemic which, resulted in migrating most teaching and learning activities to various online platforms, of which many depended on the open web. This has the potential to...
GenAI for security awareness: What most people miss
Content creation is just one piece of the puzzle. If you’re using GenAI for security awareness content, you need the adaptive advantage… GenAI is a major force that’s transforming security awareness and human risk management. 93% of organizations are using, planning...
“Employees who don’t accept the time security takes are not aware enough”: The CISO view of human-centred security
In larger organisations, the security controls and policies that protect employees are typically managed by a Chief Information Security Officer (CISO). In research, industry, and policy, there are increasing efforts to relate principles of human behaviour...
Perfecting your phish simulations — The 85% sweet spot for optimal learning
I don’t normally choose Phishing as a research topic because I think the literature is saturated with insights. However, I see that many companies struggle with a few important details when it comes to Phishing simulations: What is the optimal Phishing simulation...