Tag: Psychology
-
Fads
Nudging users to “fix” their security behaviours is all the rage. But is it the only option? Are there options that are better? Should we be treating users like lab mice, or engaging with them as individuals? Not sure I’ve answered any of those questions in this piece, but I’ve at least given them a…
-
A Passing Fad
Why Bother? Security awareness training doesn’t work. That’s so well known, it’s getting to be almost trite to point it out. Last survey I saw was based on a sample of about 20,000 people. The researchers were looking for some sort of correlation between having recently completed a phishing awareness course, and being less likely…
-
L’enfer, c’est les autres
AI and cyber… yawn… Inevitably I guess, the hype around AI and security focusses on technology. Assessing networks for inherent vulnerabilities, analysing incoming traffic for threats, (and again, inevitably) searching for possible phishing emails, thereby taking the unreliable human out of the loop, and in the process, further reducing their chances of learning from experience.…
-
Environmental Concerns
Egon Brunswik (1903-1955) argued that organisms (read “people”) exist within an environment with which they interact, and which in part shapes their behaviour. So the idea has been around for a while now, but security practitioners don’t seem to have caught on to its relevance to cyber. Instead, users are given advice based on the…
-
Hey Users! Why not Just do as You’re Told?
We sent you on a course… Traditional security awareness courses are generally seen as pretty grim. David Lacey once summed up the average course as not much more than a “broadcast of facts”. Study after study finds the usual evidence of zero planning and appalling delivery, and no effort made to follow up. It’s that…
-
That’s why they call it research…
Research, at least as far as the cyber industry is concerned, seems to take a limited number of forms. For the most part, it seems to be about looking for technical vulnerabilities. Sometimes it appears as a sentence starting “Research proves that…”, usually in a message from a cyber company with kit to sell. Occasionally…
-
Examining security tropes and myths, starting with psychology
The first article has just gone up, looking at the use of psychology (“nudging”) in cyber security. Some quite substantial claims are being made that the use of behavioural science will address what some call the human cyber risk. Or is it just another point solution being offered by an industry intent on control rather…