The Internet has gradually filtered into nearly every aspect of our lives. Many of us routinely bank, shop and socialise online and the Internet is now the life-blood of commercial and non-commercial organisations alike. This offers plenty of scope for cyber-attackers. The threat includes the random, speculative attacks that dominate the threat landscape - designed to steal data from anyone unlucky enough to get infected, as well as the growing number of targeted attacks on organisations. Such attacks can be highly complex and may make use of very sophisticated techniques to infiltrate an organisation and steal sensitive data. Typically, attacks start by 'hacking the human', i.e. by tricking people into disclosing information that can be used to gain access to corporate resources.