Resources and Insights

The recent Okta breach is a stark reminder that the battleground for cybersecurity is not just in the servers, but in the synapses of every employee's brain. 'You can't patch stupid' is a defeatist adage that our industry clings to, yet this breach shows the fallacy of such thinking. Our latest post delves into why a mindset shift is imperative, from outsmarting hackers to outsmarting our own behavioral pitfalls. We argue that the only real fix to the phishing scourge is a revolutionary change in organizational culture, powered by behavioral science. Join us as we explore how ethical hacking and culture change are the duo that can reclaim cybersecurity's future.

New York's financial sector is now governed by the Second Amendment to 23 NYCRR 500, a set of cybersecurity regulations. While the amendment introduces robust technical and procedural requirements, it notably overlooks the human element of cybersecurity. Behavioral science principles, such as cognitive load theory and spaced learning, emphasize the need for digestible, continuous training. Over 90% of breaches start with human error, yet regulations like this one sideline the human element. For cybersecurity measures to be truly effective, continuous security awareness training must be prioritized, ensuring that every individual is empowered with the knowledge and skills to combat cyber threats.

Consent phishing is a sneaky tactic where hackers pretend to be trustworthy apps or services to trick people into giving them permissions. Once they have these permissions, they can get into real cloud services and steal sensitive data. This post will explain what consent phishing is, how it works, and how to protect against it, with a focus on the innovative solutions provided by PhishFirewall.

Unpacking the NIST Cybersecurity Framework 2.0 Public Draft is like unboxing a new gadget—it’s the same but better. The proposed changes in the training requirements are subtle but pinpointed for clarity, trimming any room for misinterpretation. While most vendors miss the mark on role-based training, the new draft illuminates these gaps. Dive in to understand how these changes might be more significant than you think.

In the realm of cybersecurity, the spotlight often falls on technology—firewalls, AI-driven threat detection, and other advanced solutions. But what if the key to robust cybersecurity lies not just in your tech stack but in the people operating behind it? In this talk, we shift the focus from viewing humans as the weakest link to recognizing them as invaluable assets in your cybersecurity strategy. We'll discuss why every avoided phishing attack is a victory for the "human firewall," and why investing in your people could prevent over 90% of potential breaches. You'll learn about the only three metrics that matter in cybersecurity and how a human-centric approach can offer a substantial return on investment. Overcoming the common objections to a human-centric strategy, this talk will arm you with the insights to rethink your cybersecurity strategy. By the end, you'll be convinced that the human element is not just a part of the solution—it is the solution. Embark on your journey to strengthen your human firewall and transform your organization's cybersecurity posture.

In the ever-evolving landscape of cybersecurity, phishing remains a stubbornly persistent threat. This post dives deep into the psychological underpinnings that make phishing so effective, revealing that it's not just a technology issue, but a human one. Drawing from cognitive psychology, the article discusses how cognitive biases and learned helplessness contribute to the problem. It critically examines why most existing training methods are woefully ineffective, highlighting their one-size-fits-all approach and low retention rates. The article concludes with a look into the future, where advanced AI could further empower individuals to become the ultimate human firewall against phishing attacks.

Explore the evolving challenges of cybersecurity in the digital age, from rising threats to the crucial role of collective action. Dive into the innovative solutions like PhishFirewall that offer a unified defense against cyber threats, emphasizing the importance of collaboration, education, and technology in safeguarding our digital future.

Think all CISOs are created equal? Think again. Last week, I got up close and personal with three Fortune 500 CISOs, and what I found was a cybersecurity circus. From punitive drill sergeants to overconfident gamblers, the range was staggering. But there was one Visionary who stood out. Dive into this no-holds-barred account that exposes the glaring gaps in cybersecurity thinking and why psychology can't be ignored!