Hoxhunt Looks to Strengthen the Human Element in Cybersecurity


Most companies already operate on the premise that cyberattacks can cause them great harm. As such, they are already committing more resources toward cybersecurity. IDC expects security spending worldwide to reach $133.8 billion by 2020.

However, establishing a strong cybersecurity posture can be a major challenge. Hackers can exploit multiple vectors ranging from insecure web applications to outdated operating systems. Fortunately, there is now a variety of specialized solutions and measures designed to mitigate these threats that companies can readily adopt.

Nevertheless, what remains a glaring pitfall in any organization’s security strategy is the human element. As much as 90 percent of data breaches can be attributed to human error. This fallibility is what hackers exploit in their social engineering attacks. It’s easier for hackers to trick users into compromising their own networks than to use brute force.

Security training platform Hoxhunt looks to remedy this by providing organizations the means to train employees to accurately identify social engineering attacks such as phishing and immediately respond to these threats.

“Companies may be investing heavily in various cybersecurity solutions, but they may be overlooking the most critical aspect of their security: their people! The majority of security incidents can be traced back to some form of human error. This is why hackers still rely on phishing to trick users into providing them with an opening to exploit. It’s up to companies to make sure that their people aren’t easily fooled,” Hoxhunt CEO Mika Aalto says.

It can take just one vulnerable link in a company’s security defense for a cyberattack to be successful. Even large companies, with their huge investments in enterprise-grade security, can be vulnerable.

In 2014, Sony Pictures was attacked by a hacker group, which resulted in its emails being leaked to the public. This cost the company $15 million, and its reputation also took a massive hit due to the contents of the leaked emails. Researchers eventually found that the hack was made possible by phishing emails that had targeted Sony executives and employees.

Unfortunately, there is no absolute guarantee that human error can be avoided. Hackers are using more complex social engineering attacks against companies. They now resort to spear phishing, which makes spam messages appear as if they come from legitimate sources.

Recently, there has also been a rise in phishing emails using the coronavirus outbreak as a ruse to trick users into opening these messages. Many workers are now doing their jobs from their homes using their own devices, which raises the security risk for many organizations.

Home networks and personal devices typically do not have the same enterprise security tools that are found in most offices, making them more vulnerable to attacks. Since these devices have access to corporate networks and accounts, attackers may be able to use them as vectors to wider breaches.

Hackers are even using artificial intelligence (AI) to mine information about a specific target in order to better disguise their messages using personalized information. Conventional measures such as spam filtering, whether on the server or on the email client, can fall short against this more sophisticated kind of spam.

Because of this, it’s important for companies to ensure that their employees are capable of identifying social engineering attacks and responding to them. Hoxhunt looks to help companies achieve this by providing an effective and engaging phishing training program.

The platform works by launching simulated phishing attacks at users within the organization. The dummy phishing emails are designed to mimic real-world threats. These messages even contain personalized information tailored to the organization and its users for added complexity. This provides a more immersive training experience, as users from different departments of the company can receive customized emails specific to their job functions.

The training doesn’t simply instruct users on what not to click or download. It also promotes a positive approach by encouraging users to report phishing messages. Using the Hoxhunt plugin, users can report these emails and they are awarded points for each successful report. User responses are also tracked. Should users fail to identify emails or fall for the simulated phishing attempt, the platform provides tidbits of information that identify which aspects they need to learn and remember.

Managers and security teams can also monitor user progress. Users are ranked using an organization-wide leaderboard so companies can incentivize top performers and provide additional training to those who are performing poorly. Each employee is a potential vulnerable point in security, so ensuring that everyone is brought up to speed and trained properly improves the company’s overall security posture.

Hoxhunt customers have seen as much as six times the reporting rate of real threats, meaning that the training does translate to actual improvements in security. Constant training can help reduce the failure rate and improve the company’s risk profile.

“When it comes to security training, we find it best to make the process more interactive and engaging. Rather than simply have users go through boring lectures, we make them learn through application. They have to actually figure out which emails are legitimate and which ones aren’t. By gamifying the learning process, we encourage users to take the training to heart,” Aalto adds.

Adopting industry-grade cybersecurity solutions is not enough to establish a strong cybersecurity posture. Organizations must look into strengthening each aspect of their infrastructure, especially the human component. By investing in training, companies can help develop the right behavior in their employees. It’s their employees’ ability to recognize and respond to threats that can decide whether or not they will fall victim to a cyberattack.