AwareGO has released its Human Risk Assessment for SMEs. The product is aimed at helping SMEs understand the risk that employees pose to the business. It measures employee behaviours and knowledge across a range of known risk factors.
Ari Jonsson, Chief Executive Officer, AwareGO, said, “All businesses need to address the human side of cybersecurity. That means being able to measure the risk and to mitigate it. Many small and medium-sized enterprises have had difficulties finding effective and efficient cybersecurity solutions that can comprehensively address the human side of cybersecurity risk.
“Such smaller enterprises do not have access to the large consultancy firms or the capacity to build up an internal security team.
“AwareGO is addressing this challenge for smaller and medium-sized businesses with a comprehensive solution. By using our Human Risk Assessment, all businesses can now continuously track the risk levels associated with the human side of cybersecurity across a broad range of threats.
“Then, with our unique 1-minute live action awareness training videos, they can strengthen their cyber resilience by making employees aware of threats and able to respond correctly. Most importantly, our solution is affordable, easy to use, highly effective and loved by employees.”
What benefits is AwareGO offering?
AwareGo says its Human Risk Assessment brings a range of benefits including:
- Affordability – HRA offers a monthly subscription rate of $1.50 per user which also includes all of AwareGO’s micro-learning videos.
- Simple to activate – HRA is a cloud-based solution with no installation and no set-up needed, as well as the ease and convenience of self-service;
- Easy to implement – Ready-made assessments mean customers can employ HRA immediately
- No upfront commitment, AwareGO offers 14-day free trial
- Can be combined for enhanced security with AwareGO’s unique cybersecurity training, which is available in multiple languages and designed to improve cybersecurity awareness in the workplace.
Human Risk Assessment uses two key measures, behaviour and knowledge and then compares that with known risk vectors.
The use of behavioural analytics is not new. They are included with an increasing number of cybersecurity solutions to identify account takeovers and malicious insiders.
How AwareGO defines knowledge seems limited. It is looking at how that employee scores when it comes to cybersecurity training. That’s good but there is another measure of knowledge and that is access. The longer you stay at an organisation the more access to acquire. Comparing access to cybersecurity awareness would really identify those employees whose targeting would bring the greatest rewards for an attacker.
Once gathered, the data is then compared to several known human threat vectors. This includes phishing, remote/hybrid work and passwords. It builds a picture of the risk that employee poses. It then seeks to offer solutions to strengthen that employee’s security stance.
Enterprise Times: What does this mean?
Like other companies in the security education space, this is all about reducing the risk that the insider poses. It is an area that has had much attention over the last decade but which still falls short. Much of the focus has been on training and simulation. The problem here is that the training is often inadequate, not current with the threat landscape and poorly targeted. It is also not a continuous process.
Another common failure is how people’s susceptibility to phishing is assessed. It seems to always be around email rather than social media and other services. AwareGO is using social media as a way of assessing risk to data. It is a welcome improvement to measures of risk.
It will be interesting to see how it works in practice. If it is a run once and react process then it will have limited benefit. What it really needs to be is a continuous monitoring process to ensure it catches any change.
AwareGO is focusing on a different approach. That is understanding the threat every employee poses. It’s a good starting point for many reasons, not least the ability to target training for those who need it the most. It is also sensibly targeting the SME sector. SMEs are often targeted as a stepping stone to compromise partners in the supply chain. Will SMEs see this as their solution?