What does the psychology of fear have to do with cybersecurity?
I was absolutely delighted to be on the Social Engineer Podcast recently. If you're not familiar with this podcast (although surely you are!), it was recently named one of the top 35 information security podcasts by Digital Guardian.
Some of the things we talk about:
cybersecurity culture in an organisation
the psychology of fear
ethics of phishing simulations
the benefits of having a cybersecurity champions / ambassador programme
the importance of understanding the Pygmalion Effect and the Golem Effect in cybersecurity
Towards the end of the podcast, I refer to a pretty shocking case that I read about in the news, in which a woman was fired by her employer after becoming the victim of a phishing attack. The employer is attempting to sue her for the money they lost. I have not found any information that describes the technical defences the company had (or did not have) in place, but according to the BBC her lawyers are defending the case by arguing that she did not receive any relevant training. I'm interested to see what the outcome will be. As I discuss in the podcast, when people are blamed by their employer for becoming the unwitting victim of a social engineering scam, it tends to create a culture of fear in organisations, which is very unhealthy for all sorts of reasons.
Also towards the end of the podcast, I recommended some of my favourite books, so make sure you stay with us all the way through!
Have a listen to the podcast, episode 118 "Can I Scare you into Security?".