Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021
It’s widely recognised that the human aspect of cybersecurity is critical but not well understood. The empirical evidence is limited. In a first-of-its-kind project, user security behaviours and attitudes have been examined with scientific rigor. Join us to discover and explore the key findings.
Recorded on: Friday 15th October 2021
Is psychological safety the missing link to successful security initiatives?
Have you ever considered how your organisation's ability to create and maintain a psychologically safe environment – where employees know they will not be punished or humiliated for speaking up – can impact your security initiatives? Discover how to take these principles forward and create successful initiatives.
Recorded on: Monday 11th October 2021
Spear phishing in 2021: Why organisations need new methods to combat new tricks
Phishing is a threat most security leaders are concerned about. Not only are attacks frequent, time-consuming to investigate, and expensive to recover from, but solutions such as SEGs and native tools aren’t enough. With 2m malicious emails managing to bypass ‘robust’ security controls over one year, we need new ways to defend against this evolving threat.
Recorded on: Friday 24th September 2021
Understanding cybersecurity behaviours using gamification and behaviour analytics
Training often doesn’t consider why humans exhibit poor security behaviours or how people perceive risk differently. Join us to learn how gamification and human behaviour analytics can be used to assess individuals’ risk perception and the consequent need for security and trigger behaviour modification.
Recorded on: Friday 3rd September 2021
How to get your security programme proposals approved
Have you been passionate about a proposed solution, only to find that nobody understands how it could positively impact the business? This doesn't need to happen. Join us to learn how to leverage your research and project management skills to tell a compelling story, create a proposal that justifies investment, and generate buy-in.
Recorded on: Wednesday 1st September 2021
Taking your awareness programme to the next level: Simple hacks that can drive performance
There are some excellent awareness programmes in the UK cybersecurity landscape. In this webinar, we explore a selection of activities that use a variety of communication techniques to positively influence security behaviour and culture. Learn about a few of the initiatives that could prove invaluable for your own programmes.
Recorded on: Thursday 29th July 2021
4 steps to navigating insider risk
With the massive shift to remote working in 2020, organisations have been racing to rethink their security programs to manage the risk from within as well as guard from external attacks. This webinar explores the unique risk of insider threats and shows you the 4 steps you can take to protect your organisation.
Recorded on: Tuesday 27th July 2021
Cyber Escape: Discover how to raise cyber awareness through fun!
Situational awareness cyber training can bring risks to life, helping employees gain cybersecurity experience in a fun and safe environment. This talk shares an example of a mobile Cyber Escape Experience, where participants look for clues, solve puzzles, and decipher riddles to earn their escape, as well as the objectives of the initiative and the lessons learned.
Recorded on: Monday 26th July 2021
What is the Metropolitan Police Cyber Choices Team?
The Metropolitan Police Cyber Choices programme is designed to reduce cybercrime by working with individuals who may be vulnerable to it. They promote legal and ethical cyber opportunities to divert people away from crime and encourage them to make informed decisions. Learn more about the important work this team does.
Recorded on: Tuesday 13th July 2021
What is a people-centric security culture, and how can you create one?
Most security awareness training attempts to raise awareness only. To decrease risk, security awareness training must raise awareness, change behaviour, and build a culture of security. We discuss how to create a stronger people-centric security culture and be more cyber resilient.
Recorded on: Thursday 1st July 2021
How the pandemic has changed the face of cybersecurity
Has the pandemic changed the way you work? Is that change permanent? We examine some of the challenges, surprises and long-term changes brought about by the Covid pandemic that have impacted our digital world, and what these changes mean for the future of cybersecurity.
Recorded on: Monday 28th June 2021
How to beat the cybersecurity culture blocks II - Building on your experience
We delve deeper into the four common blocks to cybersecurity maturity. A panel of your peers shares what they have done to tackle these blocks and the impact of their efforts. Join us to learn from them and find out the practical tips and advice that can help you.
Recorded on: Tuesday 8th June 2021
From little acorns grow mighty oaks: Why small behavioural changes lead to significant risk reduction
The links between security behaviours and risks are not always clear. Knowing how different behaviours affect risks gives us clarity, allowing us to design focussed approaches and measure the results. Learn how to use open-source tools to identify and prioritise security behaviours.
Recorded on: Thursday 3rd June 2021
Embedding incident response and the relevance of awareness training
As anyone who has suffered a breach will testify, speed is of the essence when you need to minimise the consequences and reassert control. Join us to learn how giving your people the proper awareness training improves your defences and buys you time when you’re at panic stations.
Recorded on: Tuesday 1st June 2021
Building cyber community engagement through the CyberScotland Partnership
Join us for an outline of Scotland’s approach to creating the right conditions for a cyber resilient nation. Explore the partnership’s role in supporting delivery of the strategic framework for a cyber resilient Scotland and the success of CyberScotland Week, as well as some of its other current projects.
Recorded on: Monday 17th May 2021
10 top free tips to improve your employee security
As more and more cases of employee fraud are covered in the press, hear about the latest top 10 free ways to improve employee security through the entire lifecycle. Learn about free advice, initiatives and events about employee screening and how to use these to improve your company’s defences.
Recorded on: Monday 10th May 2021
Applying behavioural and learning science to security awareness programmes
Hear how Unilever, Cardiff University and ThinkCyber are working together to deliver secure behaviour change through real-time, drip-fed and targeted security awareness. This talk will touch on recent awareness successes, behavioural theory, software to deliver on this theory, and the scope of trials taking place at Unilever.
Recorded on: Wednesday 21st April 2021
Why people click: How do cybercriminals bypass your security awareness training?
Why do people click on malicious links? We explain how attackers still manage to trick our staff into clicking on suspicious content despite investment in education and awareness. Join us for an interactive session looking at example attacks and techniques, then discuss how to make your training more effective.
Recorded on: Tuesday 20th April 2021
“It's only words”* - ambiguities and contradictions as seen through the looking glass of risk and security (* apologies to the BeeGees)
Risk and security are terms misused and intertwined by many within organisations, and yet the impact their use has on performance and understanding is significant. Join us as we explore these definitions and consider the implications for communication of issues with the board, the organisation, and external stakeholders.
Recorded on: Monday 22nd February 2021
The pain of phishing – are you looking for a new solution?
If phishing gives you sleepless nights, join this interactive webinar and discover open phishing. Underpinned by gamification principles, such as point scoring and levelling up, open phishing means employees follow a path they plot themselves to become an organisation’s human firewall. Attendees will receive a report collated from the discussion.
Recorded on: Tuesday 9th February 2021
Where awareness fits within a security programme
While security awareness programmes exist, they tend to get the minimum budget and support required to run at a perceived acceptable level. This presentation looks at metrics, programme structure and awareness goals while discussing how to take a bigger role in the security programme and why you deserve more for your efforts.
Recorded on: Tuesday 2nd February 2021
How to train your invisible employees (before they become dragons)
Covid has killed the network perimeter. Long live the true endpoint protection, detection and response capability – the human! But running updates and patches on people is tricky; we explore why, and what you can do to improve your human-centric patch management.
Recorded on: Tuesday 26th January 2021
Data Privacy Day also concerns security: What are a CISO's main privacy concerns for 2021?
Data Privacy Day is next week, and any day that celebrates data protection or data privacy is in itself a security day also. Join us for this informative and interactive session as we discuss our main privacy concerns, the top trends and predictions for 2021, and methodologies for compiling successful compliance programs in the post-Covid-19 digitalised world.
Recorded on: Monday 25th January 2021
Security awareness messaging: The fine lines between attention-grabbing and offence, and between humour and triviality
Too often we keep falling for the same tricks. Too often we see, in the media or via awareness campaigns, "you shouldn’t click on this" or "you should look out for that". Is there a better way to convey this message that actually leaves a lasting impression on the recipient? We will investigate why awareness is playing it safe and why we seem to be doing our colleagues a disservice when trying to educate and inform.
Recorded on: Wednesday 6th January 2021
Using the MITRE ATT&CK framework to drive risk remediation programs and mitigate cyber attacks
This webinar explores the value and utility of the MITRE ATT&CK framework - a globally accessible knowledgebase of adversary tactics and techniques. Learn how to leverage the MITRE framework to assess your cyber maturity against security standards and define a prioritised roadmap for addressing critical gaps in your security, based on common, high-frequency tactics and techniques.
Recorded on: Friday 18th December 2020
The UK Business Cyber Centre: The cybersecurity guru for businesses, from SMEs to corporates
The UK Business Cyber Centre (BCC) provides millions of UK businesses normally outside the national cybersecurity envelope with access to cybersecurity advice, training, alerts and warnings, so as to meet the UK's demands for secure digital growth. Andrew takes us through this enterprising scheme, with the opportunity for you to engage in this exciting venture.
Recorded on: Monday 30th November 2020
Driving real behaviour change: How to build a security awareness program that works
When it comes to modern cybersecurity, your users are ultimately your last line of defence. So you need to arm them with both knowledge and practice to mould dynamic, alert guardians of both your organisation and your data. The key to your success is engaging, entertaining and, crucially, topical security awareness training.
So where to start, or how to renew your program?
Recorded on: Monday 16th November 2020
Seven new education ideas to get your organisation cyber-savvy
Are your staff bored with security bulletins? Worried they’re not hitting the mark? We explore how Lloyds Banking Group uses a variety of fresh communication methods to influence security behaviour and culture positively. Learn how to inject interactivity with elegant in-house solutions without blowing the budget to enliven your corporate cyber education.
Recorded on: Friday 30th October 2020
The consideration of ethics in developing technology
As we develop new technology, we focus on the benefits without considering the consequences. Criminals access nation-state capability. Unscrupulous individuals use social media to spread extremist views or play havoc with our elections. The increase in data raises concerns around its exploitation. So can technology be developed with ethics in mind, and if so, how?
Recorded on: Monday 26th October 2020
Minimising risk from cyber threats: Focusing on reducing time to containment
With limited resources, an ever-growing skills gap and an escalating volume of security alerts, organisations are left vulnerable to what is perceived to be an unavoidable risk. How can they minimise risk from cyber threats without further increasing the workload? In this webinar, we will discuss how automation can help address these challenges faced by CISOs.
Recorded on: Monday 19th October 2020
You can stop stupid
Security professionals often complain that end users are stupid. But we should instead identify and adjust failings in our practices, as well as the processes and technologies that enable such behaviours. Ira is one of the world’s most influential security professionals. He writes and speaks on cybersecurity and the human aspects of security and technology.
Recorded on: Thursday 15th October 2020
Live cyber attack: Maze ransomware attack simulation
Ransomware gangs like Maze dwell in networks, stealing data and leaving backdoors, before dropping ransom notes. Join us as we explain how big-game ransomware gangs operate and showcase common tactics, techniques, and procedures (TTPs), with takeaways to help you prepare for an attack. Dave will run a Maze attack simulation, showing how an IR team should respond.
Recorded on: Friday 9th October 2020
OpSec tales from the trenches: The ins, outs, wins and fails of online operational security
Operational security (OpSec) is hard: it only takes one slip-up for the house of cards to tumble down. We examine its history, from its real-world military origins to its modern-day use by hackers and privacy-conscious netizens alike. Come for stories of modern-day OpSec mishaps, stay for the lessons in how hackers tread cautiously to avoid getting caught.
Recorded on: Thursday 8th October 2020
Developing and sustaining an effective security culture
Security culture refers to the values by which everyone should approach security in order to mitigate threats. Developing and sustaining an effective culture is an essential component of a security regime, to evolve a security-conscious workforce and promote desired security behaviours. These leading security culture change practitioners talk about their work.
Recorded on: Tuesday 6th October 2020
Reducing susceptibility to disinformation during Covid-19
David has been in the military for eight years. He joins us to discuss his work with the British Army's Information Operations Unit (77th Brigade) as a behavioural change planner. He successfully implemented behavioural change strategies against ISIS in 2019. He has recently advised Her Majesty's Government on countering misinformation during the Covid-19 crisis.
Recorded on: Friday 2nd October 2020
The state of the security team: Are executives the problem?
Cybersecurity professionals are reporting higher levels of stress than before. A recent LogRhythm survey investigated the reasons behind the increased pressure on security teams, solution capabilities, deployment strategies, technology gaps, and more. Join Andrew as we explore some of the key findings from this research and how to alleviate some of these issues.
Recorded on: Monday 28th September 2020
Dramatic security awareness: Cyber security awareness that might actually work!
Most security awareness training fails because it’s boring, condescending or wrong. Humans are drawn to engaging narratives and Peter offers an approach that calls on principles from sales, marketing, ethical hacking, education theory and creative writing. He shares examples of successful awareness training with heroes, villains, and plenty of drama.
Recorded on: Wednesday 23rd September 2020
Top ten biggest and boldest insider threats
Insider threats are a widespread problem, affecting all industries and geographies. Understanding the motives behind them is key to defending your organisation, so join us as Rob and Lee reveal the stories behind the biggest threats over the last year. You will learn what happened in each incident and practical security tips to mitigate your own insider risk.
Recorded on: Tuesday 22nd September 2020
Human cyber risk and security awareness: What’s ‘new’ and why is anything ‘normal’?
We talk about the ‘new normal’, but it’s just the old normal from a different location. Human cyber risk is an essential part of cybersecurity, but we’ve still yet to make a genuine impact. Things are changing though, and human cyber risk specialists are evolving. Oz explains what this means for security awareness and what we’re learning from the pandemic.
Recorded on: Wednesday 16th September 2020
To err is human, to keep doing it is idiotic. Why do we keep shooting ourselves in both feet?
There are more shiny silver bullets than we can shake a stick at. Each one promises some variant of greater efficacy. So why, with all of this tech, are we still falling foul of attackers? Why are awareness and common sense the most overused terms in security, yet never practised? We explore some simple ways we can turn the tide of keeping our organisations secure in the online world.
Recorded on: Thursday 20th August 2020
'Tell me where it hurts': Where should you begin to address your professional pains?
There are many and increasingly complex challenges within organisations' information security. Companies must reassess their strategies in this Covid world, as cyber criminals become ever-resourceful in their methods. This session explores the remedies around changing your employees' behaviour and the organisation's culture and the approaches you should take.
Recorded on: Tuesday 11th August 2020
Beyond Phishing: A comprehensive view of user-based risk across your business
Nearly all cybersecurity attacks target individuals, but how do you identify which end-users are being targeted within your organisation and understand their level of resilience? We'll look at the risks from different activities, the type of attacks that companies face each year and how they can minimise risk through people risk assessments.
Recorded on: Tuesday 21st April 2020
Securing a remote workforce – how to get started
New security concerns have arisen as businesses implement remote work policies, many of which weren’t prioritised beforehand. We look at the best practices for securing a remote workforce and discuss log collection for remote systems, what activity you should expect to see, and the impacts resulting from the current rush to support remote work.
Recorded on: Thursday 16th April 2020
The importance of security awareness during the Covid-19 pandemic
Time and again during our SASIG webinars over the past couple of weeks, both our presenters and audience members have referred to the importance of good security awareness and the need for a strong security culture. This is made even more urgent by the massive increase in phishing attacks and online scams that have bubbled up since this all started.