Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
From compliance to impact: Tracing the transformation of an organizational security awareness Program
There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance − measured by training completion rates − to those resulting in behavior change. However, few prior studies have begun to unpack the...
Characterizing and measuring maliciousness for cybersecurity risk assessment
Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing...
Nothing ventured, nothing gained. Profiles of online activity, cyber-crime exposure, and security measures of end-users in European Union
We use large-scale survey data from the Eurobarometer 77.2/2012 to explore variability in online activity, cyber-crime exposure, and security measures of end-users in European Union (EU27). While cyber-security is a high-priority activity for security experts and...
(Gen)AI and the human aspect of cybersecurity
WHITEPAPER: (Gen)AI and the human aspect of cybersecurity. The buzz around generative artificial intelligence (GenAI) is deafening. And it’s getting louder by the minute. Promises of innovation abound. So do questions about reach and implications. As ChatGPT and Dall-E...
Repeat clicking: A lack of awareness is not the problem
Although phishing is the most common social engineering tactic employed by cyber criminals, not everyone is equally susceptible. An important finding emerging across several research studies on phishing is that a subset of employees is especially susceptible to social...
“Repeat Offenders” in cyber security – Black Hat Europe executive summit 2021 keynote
What is the problem with so-called “repeat offenders”? We can answer that question in two ways. The easy way, and the right way. Let’s start with the simple answer. Many people would say that the problem with “repeat offenders” is repeat incidents, or at least repeat...
The enduring mystery of the repeat Clickers
Individuals within an organization who repeatedly fall victim to phishing emails, referred to as Repeat Clickers, present a significant security risk to the organizations within which they operate. The causal factors for Repeat Clicking are poorly understood. This...
How to deal with individuals who repeatedly fail phishing simulations
In most companies, a small percentage of employees repeatedly fail phishing simulations. These “repeat responders” should be addressed through frequent phishing exercises to build muscle memory in identifying a phish. The cybersecurity team should work to identify...
Phishing for long tails: Examining organizational repeat clickers and protective stewards
Organizational cybersecurity efforts depend largely on the employees who reside within organizational walls. These individuals are central to the effectiveness of organizational actions to protect sensitive assets, and research has shown that they can be detrimental...
The new SEC cybersecurity rules: What’s happened so far, how it’s changing security awareness, and what it means for you
Security awareness compliance is transforming. Are you ready? The SEC's cyber disclosure rules are a sea change for public companies. Part of a growing global trend, the rules are a major step forward in enhancing transparency and investor protection in the face of...
Research on the effectiveness of cyber security awareness in ICS risk assessment frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social engineering attacks. This research aimed to determine the effect of cyber security awareness on the emergency response to cyber security incidents in the...
Social phishing
Phishing is a form of social engineering in which an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy third party. Phishing attacks today typically employ generalized “lures.” For instance, a phisher...
Investigation of human weaknesses in organizational cybersecurity: A meta-analytic approach
The rapid proliferation of digital technology and the increasing reliance on digital systems have made cybersecurity a critical concern for organizations and individuals worldwide. While technical solutions have been the primary focus in addressing cybersecurity...
On demand webinar: What (Gen)AI means for security awareness in 2024
ON DEMAND WEBINAR: What (Gen)AI means for security awareness in 2024. Unpacking the power and perils of GenAI in cybersecurity. Are you thinking about your AI strategy as it relates to security awareness? You’re not alone. Join our host CybSafe CEO, Oz Alashe MBE, and guest...
Development of a new ‘human cyber-resilience scale’
While there has been an upsurge in interest in cyber resilience in organizations, we know little about the resilience of individuals to cyber attacks. Cyber resilience in a domestic or non-work setting is important because we know that the majority of people will face...
What drives generation Z to behave security compliant? An extended analysis using the theory of planned behaviour
Cyber security remains a relevant topic for organisations. While companies invest in expensive security tools, security awareness training often is neglected, even though human error still accounts for a large part of cyber incidents (Gartner, 2022). At the same time...
Understanding digital-safety experiences of Youth in the U.S.
The seamless integration of technology into the lives of youth has raised concerns about their digital safety. While prior work has explored youth experiences with physical, sexual, and emotional threats—such as bullying and trafficking—a comprehensive and in-depth...
Bottom-up psychosocial interventions for interdependent privacy: Effectiveness based on individual and content differences
Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people's information). This...
Developing metrics to assess the effectiveness of cybersecurity awareness program
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a...
SCENE: A structured means for creating and evaluating behavioral nudges in a cyber security environment
Behavior-change interventions are common in some areas of human-computer interaction, but rare in the domain of cybersecurity. This paper introduces a structured approach to working with organisations in order to develop such behavioral interventions or ‘nudges’. This...
What your workforce wishes the cyber team knew
Being a CISO or a member of a cybersecurity team can be a thankless job. Crucial work is being done daily, often in the hope that…nothing happens! Whilst proving the value of the cybersecurity team to the board is one thing – how does the workforce think they’re...