Calling custom security awareness training the answer to social engineering, Riot raises $12M

Within the present risk panorama, workers who can’t pinpoint phishing emails are at severe threat. When only a single click on on a malicious hyperlink or attachment can set off an information breach, customers want should have the power to identify social engineering assaults every time they encounter them. 

One supplier trying to equip workers with the data to detect social engineering threats is Riot. The corporate at this time introduced it has raised $12 million as a part of a Sequence A funding spherical led by enterprise capital fund Base10. 

Riot’s safety consciousness coaching platform affords a catalog of greater than 20 text-based programs based mostly on varied situations together with CEO fraud and spear phishing, which could be issued year-round through Slack and Microsoft Groups. These programs are additionally dynamically personalized to supply customers with tailor-made studying experiences. 

The seller claims to have the very best safety consciousness coaching completion fee within the business, and highlights that there’s no-one-size matches all to safety consciousness coaching. Every worker must be educated to defend in opposition to the precedence dangers that their group, business, and place, are uncovered to. 

Mitigating social engineering and human threat 

After a spate of high-profile social engineering breaches impacting organizations like Uber and Rockstar Games final yr, many safety leaders are turning to safety consciousness coaching to higher educate workers on security-conscious habits. 

In keeping with Proofpoint, though 99% of firms declare to supply a cybersecurity consciousness program, workers nonetheless don’t have primary cybersecurity data and 47% nonetheless lack an understanding of the idea ‘phishing.’ And, in line with Verizon, 82% of knowledge breaches are brought on by human error.

Riot founder Benjamin Netter identified that the issue is that many “cookie-cutter” coaching options are too generic, lowering the probability of engagement and constructive studying outcomes.

“The present business customary consists of cartoon movies despatched to all workers, adopted by a fast quiz to evaluate their retention and comprehension. Though this spray-and-pray method ticks the compliance field, it doesn’t enhance worker safety,” mentioned Netter.  

As an alternative, Riot generates coaching supplies based mostly on sure contextual elements and triggers. As an example, its answer can detect whether or not an worker has Multi-Issue Authentication (MFA) enabled; it will possibly then generate a course to focus on the significance of authentication for those who don’t make use of MFA.

The safety consciousness coaching market 

Riot’s answer falls throughout the safety consciousness coaching market, which Cybersecurity Ventures predicts will attain a price of $10 billion yearly by 2027.

One of many Riot’s principal opponents is Knowbe4, acquired final yr by Vista Fairness Companions for $4.6 billion.

Knowbe4’s platform affords what the seller claims the biggest library of safety consciousness coaching supplies with automated coaching campaigns and scheduled reminder emails. It additionally affords automated simulated phishing assaults so workers can apply detecting malicious emails. 

One other key competitor is Proofpoint, which affords a safety consciousness coaching platform that organizations can use to finish data assessments, tradition assessments and phishing simulation exams and studies that determine prime clickers. Thoma Bravo acquired Proofpoint for $12.3 billion in August 2021. 

At this stage, the important thing differentiator between Riot and opponents is its use of personalized coaching supplies based mostly on contextual elements.