
New Episode of The Cyber Show: #054 | S6 | In The Chair | Train Without Pain: Craig Taylor
In this episode, Craig Taylor, co-founder of Cyberhoot, discusses his journey in cybersecurity, the importance of psychology in this field, and innovative methods for training employees to detect phishing attacks without punishing them. Taylor shares his experiences and perspectives on the evolution of cyber threats and best practices for protecting businesses.
Journey and Evolution of Cybersecurity
Craig Taylor begins by recounting his journey, from his studies in psychology to his entry into the field of cybersecurity before the World Wide Web existed. He emphasizes the importance of psychology in understanding and influencing human behavior, which is essential for creating a culture of cybersecurity within companies. Taylor co-founded Cyberhoot ten years ago, combining psychology, education, and cybersecurity to develop effective training tools.
Problems with Traditional Phishing Tests
Taylor criticizes traditional phishing test methods, which involve sending simulated phishing emails to employees. These methods, according to him, are ineffective and counterproductive: employees who are punished for clicking on malicious links become reluctant to participate and learn. Recent studies confirm that these tests do not work and can even harm trust and goodwill within the company.
Cyberhoot's Innovative Solution
Cyberhoot has developed a different approach with "Hootfish," an interactive simulator that teaches employees to identify the components of a phishing email without punishing them. This simulator ensures 100% participation and uses gamification techniques to make learning engaging and effective. Employees receive completion certificates and rewards, which reinforce their motivation to learn and apply what they have learned.
Importance of Training and Awareness
Taylor emphasizes the importance of continuous training and awareness of emerging threats. Cyberhoot produces monthly educational videos that cover the latest attacks and new threats, such as deepfakes and session token theft. These videos are sent directly to employees' inboxes, making information easily accessible.
Cybersecurity and Psychology
The discussion highlights the importance of a multidisciplinary approach to cybersecurity, integrating psychology, education, and technical principles. Taylor explains that understanding human behaviors is crucial for positively influencing security practices. He gives the example of password policies, which have long been based on mathematical principles without considering human psychology, leading to ineffective practices.
Current and Future Threats
Taylor and the host discuss current threats, such as the attacks on Jaguar Land Rover, and the broader implications of cybersecurity. They emphasize that companies must be prepared and resilient, adopting practices such as network segmentation and EDR (Endpoint Detection and Response) solutions. Cybersecurity must be a priority for all levels of the company, not just the IT team.
Conclusion
In conclusion, Craig Taylor offers a unique and valuable perspective on cybersecurity, emphasizing the importance of psychology and education. His insights and innovative solutions, such as the Hootfish simulator, demonstrate that it is possible to effectively train employees without punishing them, thereby creating a positive and engaging cybersecurity culture.