Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
How I learned to be secure: A census-representative survey of security advice sources and behavior
Rarely do users have a single, reliable source for soliciting advice on digital security. More often, the acquisition of digital security skills is a sporadic process, as users sift through an excess of security advice. A deeper understanding of the factors that shape...
Building a culture of security
In this whitepaper, Adobe explain how they’ve become an established global leader in security culture, training and awareness. They offer insight into the programs and schemes they run in order to maintain a culture of security.
The new wave of privacy concerns in the wearable devices era
The pervasiveness of mobile devices such as smart phones, apps, remote monitoring devices, and wearable sensors is enabling growth of Patient Generated Health Data (PGHD) through which people are capturing their vital signs outside the clinical settings. Tracking...
More harm than good? How messages that interrupt can make us vulnerable
Paper highlighting how constant interrupting messages and updates from computers and phones can impair cognitive functioning due to an effect called dual-task interference (DTI). DTI suggests that 2 tasks can only be performed in unison if there is a loss in overall...
Emerging trends in smart home security, privacy, and digital forensics
Technology integration is becoming an impetus to everyday lives. This new interconnected world can be found from our most private spaces to the public ones. Smart homes, which is the use of Internet of Things (IoT) within a home, has become the utmost concern in the...
How do vulnerabilities get into software?
This paper, by application security platform Veracode, addresses the four main causes of vulnerabilities in software today. The authors investigate: insecure coding practises; the ever-shifting threat landscape; the reuse of vulnerable components and code; and...
Social psychology: An under-used tool in cybersecurity
In cyber-security the weakest link is often seen as the human factor. This has led to discussions about the optimal methods in preventing cyber security breaches. This paper proposes that the fusion of cybersecurity and social psychology can inform and advance...
What impact does human behavior have on cyber security?
This article outlines the importance of human behaviour when it comes to cyber security and offers some recommendations to help create a stronger ‘human firewall’.
Nudging better security
This article explains what ‘behavioural nudging’ is and offers examples of how nudging could be used to encourage desired security behaviours.
Towards a usable framework for modelling security and privacy risks in the smart home
The Internet-of-Things (IoT) ushers in a new age where the variety and amount of connected, smart devices present in the home is set to increase substantially. While these bring several advantages in terms of convenience and assisted living, security and privacy risks...
Productive security: A scalable methodology for analysing employee security behaviours
Organisational security policies are often written without sufficiently taking in to account the goals and capabilities of the employees that must follow them. Effective security management requires that security managers are able to assess the effectiveness of their...
Keep on lockin’ in the free world: A multi-national comparison of smartphone locking
We present the results of an online survey of smartphone unlocking (N = 8, 286) that we conducted in eight different countries. The goal was to investigate differences in attitudes towards smartphone unlocking between different national cultures. Our results show that...
Security dialogues: Building better relationships between security and business
The “streetlight effect”—originally less flatteringly referred to as the “drunkard’s search”—is a form of observational bias. It recognizes our tendency to look for solutions to problems where it’s easiest to find them, such as under a streetlight. In this article, we...
Tales of software updates: The process of updating software
This paper delves into the process users undergo when updating their software, including both the positive and negative experiences they encounter. Software updates, which can alter functionality by fixing bugs, changing features, and modifying the user interface, can...
How can you improve cyber security awareness in your organisation?
A short blog post on how the gamification of cyber security awareness campaigns can raise cyber security awareness and change organisational culture.
How to combat insider threat using behavioral science
Understanding human behaviour – and noticing an individual's deviation from an expected behaviour – can help prevent and mitigate insider threats.
The Internet of Things – An introduction to privacy issues with a focus on the retail and home environments
This research paper provides an overview of the Internet of Things technologies generally, and with special application in the retail and home context. It then goes on to examine some of the challenges that this new environment creates through the lens of specific...
Human behaviour as an aspect of cyber security assurance
This paper considers existing research into cyber security assurance processes in an effort to identify elements of cyber security that would benefit from further research and development. It concludes the cyber security industry would benefit from more research into...
Why Johnny still, still can’t encrypt: Evaluating the usability of a modern PGP client
This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each...
Nudging online security behaviour with warning messages
Researchers tested the effectiveness of 9 different ways of warning users about cyber security threats. Making users aware of the steps they could take to minimise risk was effective in triggering more secure behaviour. Gain-framed messages, loss-framed messages and a...
A study on social engineering attacks and defence mechanisms
Humans are the most vulnerable points in any kind of security system because of their predictable behaviour and other psychological aspects. Yet, a lot of emphasis related to security is given to implementation of technical security via an antivirus, Intrusion...