Although employers require that their employees complete annual cybersecurity training courses, cybersecurity violations promoted by humans are still produced. The problem could even worse substantially as the generative AI increases the scale and customization of social engineering campaigns.
AnagramPreviously known as Cipher, it is adopting a new approach to the cybersecurity training of employees that the company expects to keep up with the changing nature of these campaigns.
The New York -based company built a platform that contains practical security training for companies. The training includes videos of the size of a bite and custom interactive puzzles to teach employees how to detect emails and suspicious communication. These training are designed to be more frequent and more attractive than the current standard of a training session once annual and long.
Harley Sugarman, co -founder and CEO of Anagram, told britcommerce that these activities include tasks such as making employees create their own electronic PHISHING emails to teach them how to detect sophisticated campaigns against themselves.
“We took very little, in fact, basically it was not inspired by existing things,” Sugarman said about existing cyber security training. “What we really took were Tiktok lessons and Leolingo and Khan Academy lessons. We observe these platforms that have done very, very attractive and changing user behavior outside the security space and said, ok, how can we apply those lessons within security?
The construction of gamified cybersecurity was not what Sugarman, a former VC in Bloomberg Beta, set out to do when the company initially launched.
Sugarman’s first idea was a way of taking the training approach of “flag capture” of cyber industry for business cyber security employees. This training approach implies building software with vulnerabilities and making security researchers enter the software to find errors and discover how to write code without falling into the same traps.
That company was launched as encrypted in 2022 and won some traction. But the main information science officers (CISO) began to tell Sugarman that their businesses actually had a bigger security problem they were looking for: their non -security employees. Sugarman said the CISO describe their employees as their weakest cybersecurity link.
“What surprised me was actually the amount of hopelessness I heard in his voices,” said Sugarman. “This was an insoluble problem for them.”
Cipher then turned in January 2024 to concentrate on solving that problem. Now the beginning is changing his name to Anagram to reflect his new approach and is in the process of decreasing his original product. Anagram has seen strong growth since its pivot and the clients landed, including Thomson Reuters, Massmutual and Disney, among others.
Anagram recently raised a $ 10 million series A round directed by Madrona with the participation of General Catalyst, Bloomberg Beta and the operating partners, among others. The company plans to use the funds to build its sales team and continue improving the product. Sugarman said that so far they have been able to carry the company’s pHishing fault rates from 20% to 6%, but believe they can continue to approach zero.
Sugarman said Anagram launched its product at a really interesting turning point for the cybersecurity industry. With the advances of the generative AI, social engineering campaigns can be more personalized than ever, which will make it more and more difficult for people to say what is real and what not.
“I think that the type of side effect of that is that traditional email security platforms will actually have much more time to detect these phishes generated by AI,” said Sugerman. “That ability to generate and randomly is so strong, and it is very, very difficult, from an engineering perspective, defend against that.”
Anagram is also working to develop an artificial intelligence agent who sits in the emails of business employees and will receive training to mark possible cybersecurity slippages before they occur. Sugarman said the agent would do things like appearing to ask someone if he really wants to send his credit card information by email and other similar safeguards.
Meanwhile, Anagram hopes that her puzzle puzzles and training videos continue to move the needle.
“Humans are not dumb, we build skyscrapers that we can make space trips,” said Sugarman. “We can discover how not to click on a suspicious link in an email.”