Despite employers who need their employees to complete annual cybersecurity training courses, human cybersecurity violations are still happening. The problem can get bigger worse as AI development increases the size and personalization of social engineering campaigns.
AnagramFormerly known as Cipher, is taking a new approach to employee cybersecurity training that the company hopes to maintain the nature of these campaigns.
The New York-based company has built a platform containing hands-on security training for businesses. Training includes videos of bites and personalized interactive puzzles to teach employees how to see suspicious emails and communications. These exercises are designed to be more frequent, and more engaging, than the current criteria of the once annual, lengthy training sessions.
Harley Sugarman, the co-founder and CEO of the Anagram, told TechCrunch that these activities include activities such as having employees who create their own personal phishing emails to teach them how to see how sophisticated campaigns against themselves.
“We get very little, in fact, really inspiration from existing things -well there,” Sugarman said of existing cybersecurity training. “What we really took were lessons from Tiktok, and lessons from Duolingo and Khan Academy. We looked at these platforms that were really done, really well engaging and changing user behavior out of the space of the space of security and we said, Ok, how can we apply those lessons within security? “
The construction of gamified cybersecurity training is not what Sugarman, a former VC in Bloomberg Beta, is set to do when he first launched the company.
Sugarman's first idea was a way to get the “Capture the Flag” of the Cybersecurity Industry's “Capture the Flag” approach to the Upskill Enterprise's cybersecurity employees. This training strategy involves developing software with weaknesses and having security researchers enter the software to find bugs and learn how to write code without falling into both trap.
That company was launched as Cipher in 2022 and gained some traction. But chief science science officials (CISO) began to tell Sugarman that their businesses actually have a greater security issue they are looking for to deal with: their employees are not security. Sugarman said Ciso described their employees as their weakest link to cybersecurity.
“What kind of surprise I was was really the amount of hope I heard in their voices,” Sugarman said. “This is an insurmountable problem for them.”
Cipher then pivoted in January 2024 to focus on solving that problem. Now the start changes its name to the anagram to show its new focus and is in the process of rotating its original product. The Anagram has seen strong growth since Pivot and Landed Customers including Thomson Reuters, Massmutual, and Disney, among others.
Recently a $ 10 million series raised a $ 10 million series of a Madrona's twist with participation from General Catalyst, Bloomberg Beta, and operator partners, among others. The company plans to use funds to form the sales team and continue to improve the product. Sugarman said they have been able to bring the company's failure rates from 20% to 6%, but he thinks they can continue to approach zero.
Sugarman said the anagram launched its product to a really interesting point of inflection for the cybersecurity industry. With the progress of generative AI, social engineering campaigns may be more personalized than ever before, which will make it more difficult for people to tell what is true and what is not.
“I think the kind of impact it is is that traditional email security platforms will definitely have a harder time to see these AI-generated phishes,” Snderman said. “That ability to come up with and randomize is just so powerful, and really, it's hard, from an engineering perspective, to defend against it.”
The Anagram is also working to generate an AI agent that will sit on the emails of business employees and train to flag potential cybersecurity slip-ups before this happens. Sugarman said the agent would do things like pop up to ask someone if they wanted to send their credit card information to email and other similar care.
Meanwhile, the anagram expects that puzzles and videos like training Tiktok will continue to move the needle.
“People are not dumb, we have built skyscrapers that we can make the trip in space,” Sugarman said. “We can figure out how not to click on a weak -suspected link to an email.”
