What is behavioural cybersecurity?

Ever done something wrong? Sure you have. We all have. If you’re old enough to read this and your first name isn’t predicated by “Pope” and your address isn’t “The Vatican”, you’ve probably done something wrong in your life. What happened then? You learned from it. This is behavioural cybersecurity at its core: you learn not to make mistakes through analysing your own actions or the actions of your team.

And yet, there are literal trillions of dollars at stake. Just clicking on the wrong email attachment or spam link can compromise your identity or even cost your business millions of dollars. According to the folks at CISO Mag, Over $6,000,000,000,000 (that’s six trillion USD) was lost worldwide due to cybercrime in 2021, and that number will keep going up year after year. As 95% of cybersecurity incidents are because of human error, the only real way to mitigate these incidents is by removing human error itself, and the only good way to do that is to teach humans how to spot threats. 

Here's a fantastic graph (if we do dare say so ourselves!) that shows the applied benefits of behavioral cybersecurity over time: 

Case Study: Docusign

Let’s look at one of our companies we’ve been able to partner with to dramatically improve their cybersecurity: Docusign.

With over a million customers and hundreds of millions of end-users trusting Docusign with their sensitive information and signatures, it's no secret that Docusign needed a robust and intuitive way to strengthen their defences against hackers. To train their workforce against phishing and malware, they turned to us at Hoxhunt and have seen a marked improvement since implementing our services. Their engagement rate is over 53% and growing, and we were extremely proud to be an integral part of their award-winning awareness program at CSO50 2021.

Here's what Lisa Kubicki, the Director of Trust & Security Training & Awareness at DocuSign, said when we asked her about what she was looking for in a cybersecurity program:

They need to see it, read it, play with it, hear it, and do it daily. This won’t require a huge time commitment by them, but it will require that we have some of their time, short little bites of time on a regular basis. To get them to commit to that time, it must be fun, rewarding, and meaningful. It must connect to what’s important to them and how they are evaluated on their performance. It must overcome elements of how the brain works so that we get a more secure, more trusted, and more committed trust culture. We must both acknowledge and encourage the desired behaviors.

Hoxhunt met Lisa's requirements easily: 

• No huge time commitment. Osterman Research has found that employees who complete just over 15 minutes of security training/month see themselves as part of and contributing to their organization’s security culture. Since Hoxhunt uses intermittent mini-tasks over a set period of time, this adds up easily without feeling to the end user like they're spending too much time being trained.
• Fun, rewarding, and meaningful. Don’t hate us ‘cause we’re eye-catching and easy to use! Underneath the hood is some of the best threat-catching AI in the industry and a 24/7 threat analysis team to back that technology up. 
• Making employees naturally and organically better at threat detection. 70% of new information is forgotten in 1 day, 90% is forgotten in 30 days. This is called the The Ebbinghaus forgetting curve. By continuously training in short increments, we’re rewiring the human brain’s ability to forget and fortifying new information. 

These facts and many more are available in our Behavioural Cybersecurity eBook. 
‍

‍

It's fun and engaging to employees without being just a "game"...

We're a CISO-approved service, but we choose not to concentrate on the "weight" of how important our work is. We know what we do is of massive importance to our clients and that it works to great effect, but if we focused exclusively on these things it would lose the accessibility and ease-of-use that make Hoxhunt such an attractive service in the first place.

Just because something is visually engaging and fun to use doesn't mean that it's a game. We talked to Ira Winkler, the Chief Security Architect for Walmart for one of our CISO Sandbox webinars. Here's what he had to say about Hoxhunt and gamification: 

Gamification is not a game. Gamification is actually a very specific business principle that says, "We are taking game principles and applying it to solve a business problem” … [and] rewarding somebody for learning.”

“I appreciate what Hoxhunt does. Hoxhunt sends out the phishing messages appropriate to the level of knowledge of the person. If you don't have a tool like that, you need to figure out, "How am I going to structure phishing messages that are going across the entire range of potential phishing knowledge?”

… and can tailor what we do to each person.

Did you know that

— We can tailor our phishing simulations to not only specific companies but also specific departments within companies.

— We can even tailor phishing simulations to individual people, from board members to interns. What other vendor can provide that? 

— With a large team of social engineers working around the clock to craft phishing simulations based on real-world threats, your team is will be trained on the most up-to-date information available by some of the most skilled and knowledgeable cybersecurity professionals in Europe.

Sounds pretty cool, doesn’t it?

Drop us your email here and let’s set up a demo. We can’t wait to hear from you.