Johannesburg, 19 Jan 2017
Taking a "prevention is better than cure" approach to cyber security, Dublin start-up CyberRiskAware is targeting global markets with technology designed to train company staff to identify malicious e-mails and other cyber threats.
"Some 95% of security incidents are caused by human error," said company founder and CEO Stephen Burke, saying that human error mainly involves the opening, by staff, of phishing e-mails containing ransomware, malware and fraudulent requests for money transfers, known as CEO fraud.
"In the last year, there has been a 250% increase in phishing scams. Recent figures show that 86% of all e-mail phishing attacks contain ransomware and that 95% of all successful cyber attacks start from phishing."
Observing the escalation of global cyber attacks, Burke, while working as a chief information security officer for a global financial services company, decided there was a gap in the market for a company offering a proactive approach to cyber security.
He said: "There were products but these mostly involve a 40-minute training course which takes place once a year and is just a tick-the-box compliance exercise. What is needed to reinforce the message is short and frequent training, with engaging and enjoyable content."
Believing there was a need for a cyber security product which could deliver the right message to the right user at the right time, he set up CRA in January 2016.
Using his own funding, he recruited three other cyber security specialists as directors and set about building a minimum viable product. In April, CRA launched a mock phishing platform and an e-mail security course.
"We made our first sale in June to a large UK/Irish retailer. Since then we have had additional sales in Africa and are awaiting the sign-off of several business cases in Ireland and the UK," he said.
The mock phishing platform is designed to allow employers to test employees' response to cyber threat and to identify those in need of extra training.
It typically finds that 23% of employees open phishing e-mails and that 11% of them go on to open attachments or links. In addition, the company offers short training courses courses and videos covering 24 security topics as well as a security assessment quiz.
CRA has also added real-time messaging, which, according to Burke, is unique to the company and sets it apart from its competitors. It operates by sending relevant messages when risky behaviour, such as using USB keys or downloading from the Internet, is detected.
Burke has signed channel partnership agreements with eight cyber security and insurance companies - including three in the US, four in the UK, and one in South Africa. Estimating the company platform already has in the region of 2 000 users, he says the plan for 2017 is to ramp up sales.
Revenue is earned from annual subscriptions based on usage and content. The core product is the mock phishing platform.
"We charge a minimum price of EUR25 per person for this based on a minimum of 100 users, with a lower charge for a higher number of users,'' he said.
At the end of 2016, the company received EUR50 000 in competitive Start Funding from Enterprise Ireland, which has been used to expand the company's training range and its Web site. Identified as a high-potential start-up by Enterprise Ireland, CRA is now planning to embark on a significant funding round.
Burke said: "We will apply for high-potential start-up funding and will also be looking for private funding. Our aim is to raise between EUR750 000 and EUR2 million this year."
The funding is needed to market the company internationally and to develop the team. CRA plans to take on at least six staff and aim to achieve a turnover of EUR1 million. It then aims to double that in 2018.
With cyber attacks now estimated to cost EUR2.85 trillion a year, he believes there is huge scope for CRA's e-learning platform.
Share