The following is an interview with our co-founder and current head of R&D, Ragnar Sigurdsson, first published by Safety Detectives.
“In this interview we will discover the story and evolution of AwareGO, a company focused on providing the best-in-class cybersecurity training and risk assessment services. Their Head of R&D, Ragnar Sigurdsson, will also share some expert tips to improve business data protection starting from the importance of a password manager, and his predictions for the future of cybersecurity.
What’s The Story Behind AwareGO: How Did It All Start, And How Has It Changed During The Years?
The idea of AwareGO started when I was a penetration tester back in 2007. In my tests I found out that the easiest way in was to use social engineering or phishing emails to trick people into letting me in. Then I went to these same companies with my PowerPoint slides to talk about security do’s and don’ts. To my surprise I found out that most people were not as interested in security as I was, and people really did not like to sit through the presentations.
After one of these presentations at a pharmaceutical company I started thinking that there had to be a better way to get the message across. That’s when my wife Helga, an experienced HR manager, and I decided to found AwareGO. Initially it was only going to be about creating the best training material by producing memorable cybersecurity videos. It then evolved to super short commercial-like videos or micro learning sessions with a Learning Management Software for easier reporting and delivery, and now a Human Risk Assessment that enables our clients to measure awareness, knowledge and behavior to see where they stand on cybersecurity and receive actionable items to mitigate the risks.
Why Is Security Awareness Training Important Nowadays?
It’s always been important, but now that companies have invested in strong technical solutions such as firewalls and antivirus, hackers are focusing almost only on people to get their initial access into the systems. It’s also very important because of the new data protection regulations. Mishandling of private documents and information can cost an organization greatly, not only in lost reputation but in fines. In order to comply with these regulations you need to do Security Awareness Training.
What Makes Your Cybersecurity Training Programs Stand Out?
First and foremost I would say that it is our methodology. We have a no blame – no shame approach where we seek to empower users instead of lecturing or shaming them. We don’t preach that users need to become experts when it comes to computers or the internet; instead we just make them aware of how they can be cyber secure in their day-to-day work.
Secondly it is the fact that we don’t use cartoons, only real-life actors. That way we can create relatable everyday moments that people relate to and infuse them with a little bit of humor to make it more memorable.
We have a client who sent out an NPS survey after sending out our training videos and asking how users liked it. The NPS score for our training was over 90%, not very common when it comes to company training. Another great example is a client who told us how our episodes regularly became a water-cooler topic amongst their employees. I think that is one of the best recommendations that a training can get, let alone in cyber security.
What Security Measures Should Everyone Implement Nowadays To Avoid Cyber Threats And Data Losses?
The best measures and the ones easiest to implement in any organization would be multi-factor authentication and password managers. This would go a long way to help secure so many things. I would recommend having clear policies for use and handling of company data and equipment. Especially important is the disaster recovery plan: how are you getting back on your feet after disaster strikes, and are your backups in order? You should exercise the procedure of recovering your systems and data.
Is There Any Recent Cyber-Attack That Concerned You More Than Others?
My primary concern these days is Ransomware as a Service (RAAS) as the threat is getting near. With RAAS, criminals that aren’t usually associated with computer crimes can branch out into cybercrimes to fund their criminal activities. They don’t even need to know basic programming to do it; they just buy access to software to carry out their attacks. With powerful tools and knowledge of the victims they could do a lot of damage, so prepare your disaster recovery plan, have your countermeasures in order and train your employees to be ready for attacks.
What Cybersecurity Trends Do You Think Will Be Crucial In The Near Future?
It is both my hope and prediction that the trend will go toward focusing on the human factor in cybersecurity. As the vast majority of security breaches involve employees, it is a risk that cannot be ignored.
And What About Your Future? What Is Next For AwareGO?
We have already started on our next big project of using AI to deliver customized awareness and training to each employee based on their knowledge and behavior as well as their role within the company together with their access to data and systems. This will save our customers time and money and increase the overall security awareness and culture level of the companies, so we are very excited about that.”