This is HoxHunt, an AI created to train you to be better at protecting yourself and your company from cybercrime. Our public story begins with this post, but we’ve been around already for a short while. During that while, we’ve built a rocket, ignited the engines and managed to have a lift off. We have also closed a seed-funding round, led by the coolest VC fund in Finland, Icebreaker.vc, joined by Nokia & F-Secure chairman Risto Siilasmaa’s First Fellow Partners. But as usually, a dinner is tastiest, served with an appetizer, so let’s first drill down to what we are all about.
We know who you are, and so do the criminals
Before we tell more about ourselves, let’s take a moment to think how much we could know from you. You probably have a social media accounts and a work email. By combining information from those sources, we can create a message, tailored to you. If we were an attacker we would most probably load that message with fear and urgency to get you to react to it instantly, without using your common sense. This attack tactic is called social engineering and today’s digital criminals are extremely skilful in using it.
Social engineering attacks rely on the power of facts. The stronger the facts are, the easier it is to manipulate the target. Attackers are using the information you share about yourself, against you. The ultimate goal of the attacker is not necessarily to get to your computer per se but to get to your company’s computer, because that’s where the money is.
How they get to you
We all share a personal global address, an email account, and the attackers are knocking on your door all the time. What you’ve probably seen are the naïve easy attacks but the ones you should be worried about, are the more sophisticated ones.
In fact, over 80% of corporate cyber incidents start through an employee. The biggest channel of delivering these attacks is by far, email. The better attacks start with truths about your life, trickwired with a hidden agenda. Usually that agenda is to get you to click on a link or to open an attachment. What happens next, is up to the attacker.
Why should you and your company care
The problem is magnified when this kind of a malicious email hits the inbox of a company employee. If, the employee does not recognize that she is under an attack, the consequences are usually expensive. The outcomes of the incidents range from locking the company systems for ransom, to stealing sensitive information and causing a major reputation crisis. On average an attacker spends 213 days in company’s systems without being detected.
Companies function on top of data. Thus, if an attacker is able to reject company employees access to that data or steal sensitive information, the consequences can be drastic. Many companies have recognized the importance of information security as an integral part of their employees’ core competence. For those companies, the question is not anymore if you should train yourself and your employees in cyber security, the question is whether your 213 days has already begun.
The bad feng-shui in cyber-security
To this date, changing employee behaviour to a secure one has been incredibly hard. Organizations have tried pushing information to their employees in classrooms and in e-learning solutions. They’ve tested the results of these awareness campaigns with phishing tools and penetration tests, giving extra training only when an employee fails, not exactly creating nice feng-shui to security awareness. While some of these methods are great for other purposes — like e-learning is for regulatory compliance. The actual results in changing employee behavior to a more cyber-secure point out otherwise, the traditional methods to patch the human component do not work.
That’s why we founded HoxHunt.
Gamification is a fancy word for creating experiences
We think that cyber secure behavior — like any behavior — can not be forced into an employee. We think the secure behavior should initiate from the employee.
So, we decided to create a solution that’s fast and easy to use, integrated to your workflow without you almost noticing it. And now that we were on it, we decided to make it so engaging, that the employee wants to use it, voluntarily! How we were able to achieve this? That’s called gamification folks, one of the national competencies of our dear home country Finland. Creating experiences means creating memorable moments, and memorable moments mean behavior change. Great user experience also means that there is no more bad karma around cyber-security!
May the force be with you
Our mission at HoxHunt is to enable everyone to protect themselves from cybercrime. We want you to be able to protect yourself, your family and your company. But, before you can start doing that, you have to recognize when you are under an attack.
That is why we created HoxAI. An AI that gathers intelligence about you just like the attacker would and simulates the real world attacks to you. Your job is to recognize and report when you are under an attack. Our game engine rewards you whenever you report an attack. The best thing is, that you can’t know if the attack is a simulated or a real one — in either case you are encouraged to report it.
One of the biggest challenges to date, has been education customization. Employees knowledge and initial skill levels in cyber security vary a lot. To change individual behavior in a large organization, the training needs to be customized employee by employee. HoxHunt’s game AI does this automatically.
On the user experience side, the system integrates to user’s daily workflow, so that the training is fast and effortless. Under the hood, we have powerful machine learning algorithms to leverage network effects when real threats are reported. We want to give you the force to protect yourself and your organization.
The fast forward
Our first customers have been stock listed organizations from Retail, Cyber-Security, IT and Financial Technology. For us, selecting the most demanding first customers — from cyber-security experts to white and blue collar employees — has helped us to push our product forward with high intensity. We now have users in over 22 countries.
Investors also believe in our mission. We are stoked to announce that we have closed our seed-round led by Icebreaker VC and joined by Nokia & F-Secure chairman Risto Siilasmaa’s First Fellow Partners. The funding helps us to serve our customers even better and to take our product to the next level. Yes, that rhymes.
So, next time when you receive a parking ticket from a private parking company to your work email and you are in rage and frustration about to open the attached invoice, think first if the parking company really should know your email address.