Abstract
Users' deviant behaviors, unawareness, misuse, apathy, and resistance are usually the primary reasons for security breaches. Furthermore, there is a significant lack of information security studies on how the cultural phenomenon impacts the intention to comply with information security polices among individuals from different cultural backgrounds. Thus, the objectives of this study were to empirically examine which behavioral and cultural factors influence most in the individual’s security intention to comply with information security policies (ISP), and how complying with these policies can vary between countries and cross-cultural backgrounds. It also sought to understand the competing factors that could potentially impact the security performance by keeping down cybersecurity risks. In order to answer these interrogants, we administered a web-based survey, sent by e-mail and posted on various professional forums, to information security professionals and practitioners from AMER, APAC and EMEA business regions.

​We successfully developed a model with high and accurate levels to predict employee’s intention to comply with information security policies. This model was validated with multiple statistical analysis, including PLS-SEM, bootstrapping, and multi-groups analysis to corroborate the existence of differences among cultural-backgrounds. Our results demonstrate that there are significant differences for APAC and EMEA, but not for AMER, in their corresponding relation with the intention to comply with ISP.

We also identified positive and negative correlations between cultural and behavioral factors, which could help to better understand how they can also impact the security posture of an institution.  Findings from this study could contribute to existing literature by demonstrating the influential effects of Individualism, Power Distance, Masculinity, Uncertainty Avoidance, and Long-term Orientation on the actual information security compliance behavior from different business regions, a research field that had remained unexplored. Furthermore, given that our results suggest that by complying with ISP, companies can reduce cybersecurity risks, organizations should consider getting their employees to believe that by conducting in a secure way and complying with ISP, can keep security breaches down.

​It is well known that humans are the weakest link in the information security chain, but specifically, who are them? Well, you may guess, “they” are everyone. I have been in both sides, as a user and as a system admin; and in both sceneries humans tend to make mistakes. It’s human nature.

A lot have been investigated, written and said about how to better protect companies against the unstoppable proliferation of advanced and sophisticated cyber-threats/attacks. By default, and by common sense, we tend to think that by adopting and implementing cutting-edge security technologies, companies will be on a better position to stop, prevent, and reduce security threats from cyber-criminals. This is not so far from reality. Lots of technologies have emerged and being adopted to reach that goal. Among these technologies are: Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewalls, Antivirus, Network Access Control (NAC), Proxies, Gateways, Advance Threat Analytics (ATA), Sandboxes, Multi-factor Authentication (MFA), Artificial Intelligence (AI), and Machine Learning (ML) solutions to mention a few.  However, security and data breaches still happen and are on the news all around the world, every day.

​WannaCry or Wanna Decrytor ransomware is an informatic virus that attacks Windows operating system based computers primarily (including servers) by taking advantage of system vulnerabilities exploited by Eternalblue, a tool believed to be developed by the USA National Security Agency. What is the unique effect once infected by the virus? Well, you will notice it fast. The system will show you a Popup window letting you know that your computer is infected, all your files are encrypted, and for you to recover it all, they require a ransom payment using bitcoins. Unless you make the payment, all your files will stay encrypted. The worst thing about this virus is that, if you do not pay in a certain period, the ransom payment will keep rising.
But, wait! The intention of this article is not to create panic. Even though you should panic if your computer got infected and you didn't backed up your files recently (last day or night before the infection). 

​Today more than ever, we are living in the interconnected and social era. Generation X and the famous Millennials, are so connected to the Internet, and spend so much time sharing almost everything about themselves, that they don’t imagine their life could go any other way.  This is without online presence, in their social communities and networks, 24 hours a day, 7 days a week, 365 days a year.

Some time ago, I had the opportunity to write an article titled “To be a certified professional or not to be”. It was about why some companies place more weight on certification’s credentials, than on years of experience and college degrees. I briefly explained that it was because some certifications are a must-have, since they “prove” that you are “following” the best practices, industry standards, and keep yourself up-to-date with new technologies and methodologies. This is true, but there are some other credentials that are just as nice to have, just to say that you have it (merely decorative). As the saying goes: “The suit does not make the clergyman, but distinguishes him”