Security awareness isn’t something new. It is a means to educate the workforce, the front line of risk realisation, and to create a culture where security behaviour marches triumphantly towards exemplary. This represents a fabulous opportunity to have a tangibly positive impact upon risk. However, in the real world, it is little more than a … Continue reading Outcome based awareness
In too many organisations, cyber security is dislocated and siloed. Security chiefs need to take a more joined-up approach, but that is likely to mean a rethink of how the security team operates. There is a common problem in the cyber security industry, something that holds many organisations back in their maturity. Quite simply, too … Continue reading Joining the dots to deliver effective cyber security
There is a certain fallacy in the world of cyber security. It has been there since day one and continues to thrive today. It is simply that controls work. In the main they don’t. For too long security teams have lived the lie that what they have delivered has been effective, but so often from … Continue reading Cyber Security……you’re doing it all wrong!
It is very interesting to see the Equifax report. Most pertinently that they had processes, tools and policies in place, yet still succumbed in a big way. Risk materialised. A risk that, with what most would deem the basics, and probably more, should have largely been mitigated. Yet we have a serious problem in the … Continue reading How Equifax are you?
It is increasingly commonplace for organisations to undertake phishing simulations against their employees. There is a plethora of service providers as well as free resources to use for this purpose. With the increase in such activities, you would think security awareness would be at an all-time high. But is it? And are these methods effective? Let’s get … Continue reading Raising security awareness through phishing simulation – how to get it right