Ever done something wrong? Sure you have. We all have. If you’re old enough to read this and your first name isn’t predicated by “Pope” and your address isn’t “The Vatican”, you’ve probably done something wrong in your life. What happened then? You learned from it. This is behavioural cybersecurity at its core: you learn not to make mistakes through analysing your own actions or the actions of your team.
And yet, there are literal trillions of dollars at stake. Just clicking on the wrong email attachment or spam link can compromise your identity or even cost your business millions of dollars. According to the folks at CISO Mag, Over $6,000,000,000,000 (that’s six trillion USD) was lost worldwide due to cybercrime in 2021, and that number will keep going up year after year. As 95% of cybersecurity incidents are because of human error, the only real way to mitigate these incidents is by removing human error itself, and the only good way to do that is to teach humans how to spot threats.
Here's a fantastic graph (if we do dare say so ourselves!) that shows the applied benefits of behavioral cybersecurity over time:
Let’s look at one of our companies we’ve been able to partner with to dramatically improve their cybersecurity: Docusign.
With over a million customers and hundreds of millions of end-users trusting Docusign with their sensitive information and signatures, it's no secret that Docusign needed a robust and intuitive way to strengthen their defences against hackers. To train their workforce against phishing and malware, they turned to us at Hoxhunt and have seen a marked improvement since implementing our services. Their engagement rate is over 53% and growing, and we were extremely proud to be an integral part of their award-winning awareness program at CSO50 2021.
Here's what Lisa Kubicki, the Director of Trust & Security Training & Awareness at DocuSign, said when we asked her about what she was looking for in a cybersecurity program:
They need to see it, read it, play with it, hear it, and do it daily. This won’t require a huge time commitment by them, but it will require that we have some of their time, short little bites of time on a regular basis. To get them to commit to that time, it must be fun, rewarding, and meaningful. It must connect to what’s important to them and how they are evaluated on their performance. It must overcome elements of how the brain works so that we get a more secure, more trusted, and more committed trust culture. We must both acknowledge and encourage the desired behaviors.
Hoxhunt met Lisa's requirements easily:
These facts and many more are available in our Behavioural Cybersecurity eBook.
We're a CISO-approved service, but we choose not to concentrate on the "weight" of how important our work is. We know what we do is of massive importance to our clients and that it works to great effect, but if we focused exclusively on these things it would lose the accessibility and ease-of-use that make Hoxhunt such an attractive service in the first place.
Just because something is visually engaging and fun to use doesn't mean that it's a game. We talked to Ira Winkler, the Chief Security Architect for Walmart for one of our CISO Sandbox webinars. Here's what he had to say about Hoxhunt and gamification:
Gamification is not a game. Gamification is actually a very specific business principle that says, "We are taking game principles and applying it to solve a business problem” … [and] rewarding somebody for learning.”
“I appreciate what Hoxhunt does. Hoxhunt sends out the phishing messages appropriate to the level of knowledge of the person. If you don't have a tool like that, you need to figure out, "How am I going to structure phishing messages that are going across the entire range of potential phishing knowledge?”
Did you know that
— We can tailor our phishing simulations to not only specific companies but also specific departments within companies.
— We can even tailor phishing simulations to individual people, from board members to interns. What other vendor can provide that?
— With a large team of social engineers working around the clock to craft phishing simulations based on real-world threats, your team is will be trained on the most up-to-date information available by some of the most skilled and knowledgeable cybersecurity professionals in Europe.
Drop us your email here and let’s set up a demo. We can’t wait to hear from you.