Noting how the human element catalyzes 85% of data breaches—with phishing accounting for 36% of those–the 2021 Gartner Market Guide for Security Awareness Computer-Based Training helps organizations choose the right tool for their specific security needs.Cybersecurity is everyone’s business, now more than ever. Security challenges have multiplied with the pandemic-driven global shift to remote work. Phishing attacks will continue their near-exponential growth curve along with the maturation of the cybercrime-as-a-service market and state-sponsored cyber crime. Constantly evolving, the cybersecurity threat landscape becomes more sophisticated by the day as threat actors, incentivized by big payouts, create and use new tools and tactics for their illicit trade.Companies know this, and are seeking guidance for the best security awareness tools that can face those evolving threats and prevent breaches at the people layer, where they most commonly occur.
“We are honored Gartner recognized us as a representative vendor in the Gartner Market Guide for Security Awareness Computer-Based Training,” said Hoxhunt co-Founder and CEO, Mika Aalto. “It’s extremely validating to see our offering check so many boxes, from automation and customization to positive user experience and gamification. To achieve a new level of risk reduction for companies, Hoxhunt took some risks ourselves in our conception. But by rethinking cybersecurity awareness training as a fun and engaging experience, we have progressed from upstart to leader.”
Cybersecurity training must be aimed at engagement to affect behavior change. If actively engaged, lessons will stick and people will recognize and report (not click!) malicious phishing links. Traditional programs have failed because they fall back on the “stick” approach: punishment-by-added training, phishing prisons, booby prizes, and other draconian measures.Mounting evidence suggests the “carrot” approach is more effective. Humiliation and terror doesn’t support learning. It just makes people angry and mistrustful of cybersecurity. Keep it positive, with gamified carrots and sticks in the form of in-the-moment microtrainings. And customize the experience to the user’s skill level. And do it all with an automated solution. That’s the Hoxhunt way.
“Customers choose Hoxhunt because it’s effective, not just enjoyable,” said Mika. “Cybersecurity is extremely serious business and we approach it as such. Everything about Hoxhunt was engineered to enable security-positive behavior and lower risk of a breach. If there were a better way to achieve engagement and learning at scale than gamification, we’d have done that. But it’s great to see that an effective program can be fun, by our glowing G2 reviews.”
Automation is the future of security training. It’s vital to be able to automate customized learning paths for your people, when thousands of employees are spread across the globe. Their diversity of skills and behavioral tendencies need to be acknowledged; automated customization is the only scalable way to hit their learning "sweet spot" of difficulty level and content.
“Our many global customers took a positive new direction with us because they saw the cookie-cutter, punitive approaches on the market weren’t lowering risk. Our gamified training platform offers something fresh and different. We’re told that we even boost organizational security culture as well as the overall profile of information security teams. Being positive pays off.”
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.