Security Culture

The ideas, customs, and social behavior of a particular people or society
that allow them to be free from danger or threats.

45% of users are falling for phishing attack websites according to Google

Google Research published this report on their findings (PDF) about phishing websites. One of their findings is that as many as 45% of visitors give up personally identifiable information (PII) when they arrive at a phishing site. The less successful sites capture data from only around 3% of the visitors.

Another important factor the research shows is that most accounts are exploited within 30 minutes of the information being given up to the phishing site. This shows just how quickly the crooks are moving, and how fast we must change passwords if we suspect that we gave up information on a phishing site. It is also a strong case for two-factor authentication systems.

From a security culture perspective, it makes sense to implement a training strategy in which users who suspect they have given up information to a fraudulent site are trained on what to do after the fact. Some actions to take may include:

  • Create a workflow to report and handle phishing attempts
  • Train end-users in the workflow
  • Build a positive experience for the end user when they report an incident

You can use the Security Culture Framework to organize the workflow and training aspects.

Engage me!

Kai Roer

Creator of the Security Culture Framework at CLTRe
An engaging and award-winning specialist on security behaviors and security culture, I provide organizations around the world with advice on assessing, building and maintaining good security culture using the Security Culture Framework. I am working with researchers and practitioners worldwide to bring insights on human behavior from a security perspective, thus creating better products, services and organizations.

Recognitions (Selection)
* Ron Knode Service Award by the Cloud Security Alliance
* NCI Fellow at the National Cybersecurity Institute in Washington DC
* JCI ITF #132
* Amazon Bestselling Author

Author/editor of the success books:
* Build a Security Culture, IT-Governance 2015
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author), The Roer Group 2012
* The Leaders Workbook, The Roer Group 2010