Revolutionizing Cybersecurity Training: Anagram’s Engaging Gamified Approach for Employees
In today’s digital landscape, despite mandatory yearly cybersecurity training, human errors remain a significant factor in cybersecurity breaches. As generative AI evolves, these breaches may become even more pronounced, particularly through enhanced social engineering tactics. Anagram, a New York-based company formerly known as Cipher, is pioneering a fresh approach to employee cybersecurity training aimed at addressing these challenges.
Innovative Cybersecurity Training by Anagram
Anagram has developed a platform that provides hands-on security training tailored for enterprises. This innovative training includes:
- Bite-sized videos
- Personalized interactive puzzles
These methods are designed to help employees effectively recognize suspicious emails and communications, offering a more engaging alternative to traditional lengthy annual training sessions.
Engaging Training Techniques
Harley Sugarman, co-founder and CEO of Anagram, shared insights with TechCrunch regarding their unique training activities. Employees are encouraged to create personalized phishing emails, which helps them identify sophisticated campaigns targeting them. Sugarman emphasized:
“We took very little, in fact, basically no inspiration from the existing stuff out there… We looked at platforms like TikTok, Duolingo, and Khan Academy to engage and change user behavior.”
Adaptation and Pivot to Address Cybersecurity Weaknesses
Initially, Sugarman aimed to enhance the cybersecurity industry’s “capture the flag” training method to upskill enterprise cybersecurity personnel. This involved creating software with vulnerabilities for security researchers to identify and fix. However, feedback from Chief Information Security Officers (CISOs) revealed that the real concern lay with non-security employees, often cited as the weakest link in cybersecurity.
Reflecting on this, Sugarman noted:
“What sort of surprised me was actually just the amount of hopelessness that I heard in their voices. This was an unsolvable problem for them.”
In January 2024, the company pivoted and rebranded to Anagram, focusing on this critical issue. This strategic shift has led to significant growth, attracting clients such as Thomson Reuters, MassMutual, and Disney.
Funding and Future Plans
Anagram recently completed a $10 million Series A funding round led by Madrona, with participation from General Catalyst, Bloomberg Beta, and Operator Partners. The funds will be utilized to expand the sales team and enhance the product further. Sugarman reported:
“We have been able to bring company’s phishing failure rates from 20% down to 6%.”
Challenges from Generative AI in Cybersecurity
The launch of Anagram’s new product comes at a pivotal moment for the cybersecurity sector. As generative AI advances, social engineering campaigns are becoming more personalized, complicating the detection of fraudulent emails. Sugarman pointed out:
“Traditional email security platforms are going to have a much harder time detecting these AI-generated phishes.”
Future Innovations: AI in Cybersecurity
Anagram is also in the process of developing an AI agent designed to reside in employees’ email systems, flagging potential cybersecurity threats before they escalate. This AI would provide real-time prompts, such as cautioning users before sending sensitive information like credit card details via email.
As Anagram continues to refine its engaging training methods, Sugarman remains optimistic about human potential in cybersecurity. He stated:
“Humans are not dumb; we built skyscrapers and can figure out how to avoid clicking on suspicious links in emails.”
For more insights on cybersecurity training techniques, explore our comprehensive guide to cybersecurity training.
