In a recent interview with SafetyDetectives, CybeReady CEO Eitan Fogel discussed the company’s unique approach to cybersecurity training. Motivated by a dedicated team and a stellar reputation, Fogel highlighted CybeReady’s distinctive methodology, utilizing sports skills acquisition and machine learning for continuous, automated training. He emphasized the critical role of cybersecurity awareness training, citing statistics that show a significant portion of cyberattacks involve phishing. Fogel stressed the evolving nature of cyber threats, advocating for concise, ongoing training to keep employees resilient. Lastly, he discussed the enduring threat of phishing, citing its unchanged psychological principles but heightened impact in today’s digital world.
Can you tell me a little about your journey and what motivated you to join CybeReady?
My name is Eitan Fogel. I’m a veteran of the hi-tech industry, and this is the second company that I’ve served as the CEO. I’ve worked on the business side of software/SaaS.
What attracted me to CybeReady was, first, the people. They were very dedicated and seemed to love the company. Then I started to do my due diligence, and I realized that the company has a huge customer base that really loves—not just likes, but loves—what the company does. It was a great sign because if I could take a company that has a great reputation and a lot of customers that really love the company and admire the way the company does things, then it’s a good place for me to join. I can take my experience in global business and turn this company into something much bigger based on this great reputation.
What do you believe sets CybeReady apart in the crowded cybersecurity training landscape?
The cybersecurity training landscape has a mission: it deals with reducing the risk that is related to employee errors.
What does it mean? According to the statistics, it’s very easy for a hacker to gain access to a company or enterprise. Instead of hacking or doing anything sophisticated, what they need is to insert some kind of code into the system. This is done by tricking an employee into clicking on a link or opening an email. If a company has 1,000 employees, the odds are good that at least one of them will take the bait.
Training employees is a challenge, and you have to do it right. CybeReady offers a service that is unique in the market in several ways.
The question is: what is the best training method, and how can it be done at scale? A company wants it done as quickly as possible, so every employee will have the necessary skills. We deal with this challenge by using pillars that no one else uses.
First, we are not simply providing training materials and then letting the organization use those materials to teach their employees. We understand that training is a profession, an art, and it should be done by professionals.
Our service employs a learning methodology that we have developed, based on sports skills acquisition methodology. We developed the system to use machine learning; the system itself is the trainer. So, if you’re using the CybeReady solution, you’re not just getting a bunch of phishing simulations along with reading materials or videos. You’re getting a ready-made program; you just need to plug it in, and it works. All the materials are there, but the “brain,” based on machine learning, decides how to try, which people, when, how, and all these details.
There are just a few simple principles:
- People need to train, and it’s not enough to train once a year. Using the sports principle, if you want to learn how to swim, row a kayak, or ski, you can’t just rely on one lesson a year; you need to train continuously.
- Train for different situations. Imagine that you’re going to learn to ski; you’re naturally going to learn to go downhill, speed up, slow down, turn, use the chairlift, all the different skills needed to safely make it down the mountain.
- Acknowledging the fact that each one of us is different. If I’m going to learn how to play basketball, and other players on the team have different skill sets or play different positions, I need to train for what works for me.
When you come to scale it, you want to treat each employee based on their skills and strengths and for them to learn continuously, for every situation. To do this, you need to create a “brain” to orchestrate and administer it, and that’s what we do. We have a smart system that administers this program automatically to achieve the requested results. As opposed to just giving a company a set of 1000 videos, 2000 simulations and asking the security person, who is not an expert in training, to determine which employees get what materials.
Why is cybersecurity awareness training so critical in today’s digital landscape?
The statistics show that between 40% and 80% of cyberattacks these days involve phishing, which can be avoided with proper training. Phishing is popular because it makes it easy to bypass the filters and sophisticated tools that most organizations have to prevent cyberattacks.
Additionally, being a victim of a cyberattack poses a significant risk that can have a major negative impact on your business, clients, and customers. However, with a small effort of cybersecurity awareness training, it can be managed and dealt with. So, while the risk is substantial, training your employees with the necessary skill set to detect sophisticated phishing attempts will significantly enhance the company’s protection.
How have the types of cyber threats changed over the years?
In one sentence: Hackers are getting smarter; they have more tools, and they are well-equipped.
In fact, anyone can easily download hacking tools; there’s no need to be an expert hacker. They are three steps ahead, working automatically, so they can constantly bombard organizations. While they are becoming more professional and have access to better technology, the organizations are not moving ahead at the same pace. They still use old-school methodologies, send their employees to long cybersecurity lectures, and this is not the way to fight. You need to train them continuously, every two or three weeks, to keep them on their toes. At the same time, you have to make sure that they are not resenting the training.
So what we at CybeReady do is manage how we deliver the training material. We keep it short, to the point, and positive. An employee won’t mind investing 30 to 60 seconds every few weeks for security training, but they will be more resistant to being required to watch a 14-minute video on cybersecurity awareness.
So it’s challenging, but if you want to keep your employees as up-to-date as the professional hackers, you need to do things right: concise, to the point, and on a continuous basis.
With the ever-changing nature of cyber threats, how do you ensure that training remains timely and up-to-date?
Our training is all about data, numbers, and machine learning. So when you say “Up to Date,” what does it mean? We know what it means because every day we train millions of employees. We take a set of drills and use them simultaneously to drill hundreds of thousands of employees in the same drills. We know what works and what doesn’t.
If the machine sees that suddenly people, in general or from certain segments of their organization, are more prone to fail a specific type of phishing simulation, for example, our machine learning system immediately increases the portion of the drill on that topic.
Our data tells the story, and immediately it impacts the millions of employees that are learning and drilling through our system. So that’s how we keep up to date.
Of course, we keep adding new content, simulations, and drills. But on an ongoing basis, the system itself finds the right way to drill the employees based on the data and test.
Okay, and lastly, you had mentioned that phishing is such a significant threat. Why is phishing considered such a significant threat to organizations and how have phishing tactics evolved over the years?
Phishing hasn’t changed for thousands of years. By that, I mean that the concept of tricking a person or the psychology of the mind of people hasn’t changed. For example, 200 years ago, someone came and offered you something, where you get a benefit if you do ABC. These types of lures or temptations haven’t changed because our minds haven’t changed.
Phishing techniques use the same concepts. They offer you benefits but put you in some kind of stressful situations. For example, maybe the message claims to be from your CEO, so your stress is engaged, and that’s one of the lures. Psychology hasn’t changed, but what has changed is that we are living in the digital world. This dependence companies have on technology makes them super vulnerable, which didn’t exist 200 years ago.
The second way it’s evolved is the impact. I assume that we only hear about a very small portion of what really happens because organizations don’t want to tell the world that they’ve been hacked. But when we do hear something, it’s huge. Companies are losing their business or client data is leaked online, so the impact has never been higher.