SafetyDetectives had the chance to interview Rasmus Vinge, the CEO of Cyberpilot, a company developing people-focused cybersecurity training and phishing courses. He gave us his insights on the current state of cybersecurity awareness, and some tips on what to do to prevent the most common cyber attacks.
What’s the story behind Cyberpilot: How did it all start, and how has it changed over the years?
It all started back in 2016 when my two partners and I started CyberPilot. We did it because we could see that most of the cyber security products on the market were aimed at big enterprises and were therefore too expensive for small and medium-sized businesses. We wanted to create security that everyone could afford, as smaller companies were getting hacked too. We started out with 4 products, but over the years we’ve buried two of the technical products (Log Management and Vulnerability Scanning) to focus only on the human aspect of cyber security. We did this as we could see that this is where we could make the biggest difference. 9 out of 10 security breaches happen because of human error, so we wanted to help companies avoid that by building good security cultures through awareness training and phishing training. Today we create small courses for our customers that we make sure fit their reality by getting constant input from them. We also send out phishing simulations to make sure that people learn to spot the signals in phishing emails.
Can you give us an overview of your cybersecurity training courses and what makes them stand out from the competition?
One of our biggest strengths is the content of the courses. It all comes down to what topics we choose to make courses about and then the storytelling in these courses. As we continuously create new courses we can always be on the beat. We also ask our customers for input about topics and the content itself, ensuring that the content is relevant and not just a theoretical blur.
We aim to hit the level of knowledge where we don’t demand too much of our readers. There are a lot of things that employees in companies don’t have to know about cyber security – the most important thing is that they are aware in their daily life so that they can spot when something is out of the ordinary. If they spot that, they can always ask for help from the IT department; they don’t need to have in-depth knowledge themselves.
Would you say that your customers are mainly proactive or reactive against cyber attacks?
That’s a good question, but you could argue that awareness training and phishing training, at their core, are proactive. If it works, it can seem like a waste of money, as it means you are not getting hacked, but at the same time, that’s the goal of being proactive.
In broader terms, I think it’s safe to say that more and more organizations are becoming proactive. It’s probably caused by an increasing number of stories of organizations getting hacked as well as regulations such as the GDPR and NIS2, just to use a couple of European examples.
What is your suggested course of action if a website gets hacked?
I don’t think I have a general response to that as it depends on a lot of things. What are you using your website for today? What is the cost of downtime? What data can get lost? And so on. I think you need to do a thorough risk analysis before it happens to understand the potential consequences. If you don’t have that, you probably also lack a plan when you get hacked, which means the first action is potentially panic. If your website is crucial for your business you need to act right away, but if your website is “just” a digital business card then it might not be a live-or-die scenario. I think that a risk analysis will help you create a good plan for “What if my website gets hacked”, and then you don’t need general suggestions from me.
Is there any recent cyber-attack that concerned you more than others?
No, it’s not a specific cyber-attack that concerns me. It’s the vast number of attacks that concerns me. The growth rate of attacks is concerning. We also see more and more automated attacks, which means cyber-attacks scale easily. We see thousands of phishing emails, which means people must be aware of this every single day. Of course, the technical defenses also get stronger and stronger, but you can’t avoid phishing emails in your inbox 100%, so you need colleagues who spot the dangers and warn others.
And what cybersecurity trends do you think will be crucial in the near future?
I think we will see more of the same when it comes to attacks, but I truly believe that we will see more and more companies invest in people. Historically IT departments have bought technical solutions to prevent security breaches, but the numbers show that the biggest risk is people. I think this means we will see a huge development in people-focused cyber security in the coming years.
And what about your future? What is next for Cyberpilot?
We want to be on the journey of creating people-focused cyber security. We want to create better and better courses and phishing simulations while we also get to know our customers even better. We want to stay close to our customers as they are sitting with the cyber security challenges every single day. I think this will create a lot of learnings for us which will make our services better and make us competitive in the international cybersecurity landscape.