Security vendor Mimecast has bought Ataata, a cybersecurity training and awareness platform designed to reduce human error in the workplace. Customers will measure cyber risk training effectiveness by converting behavior observations into actionable risk metrics for security professionals, it says. The addition of security awareness training and risk scoring and analysis aims to strengthen Mimecast’s cyber resilience for email capabilities.
It will offer a single, cloud platform to reduce employee security mistakes by calculating employee security risk based on sentiment and behaviour. Employees are then provided with relevant training based on their score and recommended areas for improvement.
According to research by Mimecast, 90% of organizations have seen phishing attacks increase over the last year, yet only 11% responded that they continuously train employees on how to spot cyberattacks. This spans organizations of all segments and sizes including major airlines, government, healthcare - or any other industry. Training is considered hard to implement as these organizations often lack resources and the right content to help raise the awareness of what to spot. Gartner is predicting the security awareness computer-based training market will grow to more than $1.1bn by year-end 2020.
“Cybersecurity awareness training has traditionally been viewed as a check the box action for compliance purposes, boring videos with PhDs rambling about security or even less than effective gamification which just doesn’t work. As cyberattacks continue to find new ways to bypass traditional threat detection methods, it’s essential to educate your employees in a way that changes behavior,” said Peter Bauer, chief executive officer and founder of Mimecast.
“Human error is involved in the majority of all security breaches, and these casual mistakes can cost organizations money, their reputation – and employees, potentially their job,” said Michael Madon, chief executive officer and co-founder of Ataata. “Organizations need to understand that employees are their last line of defense. Cybersecurity training and awareness doesn’t need to be difficult or boring. Training and awareness is needed to help mitigate these internal risks.”