Transcript
Mike Matchett: Hi, Mike Matchett with Small World Big Data. I'm here today talking about security. We've got cyber ready back with us, and we're going to talk a little bit more about what it means to secure your organization by getting your employees on board and getting them trained, because really, it's not about the technology, it's about the people. And your people really need to be your your first, last and best line of defense. So stay tuned. So, so welcome, Michael. Welcome to our show. Michal Gil: Oh thank you. Hi, Mike. It's great to be here. Mike Matchett: So tell us a little bit about how you first came to cyber Ready and what drew you into this side of it. The security side. Michal Gil: Oh, that's a good question. So actually my background is chip design. So I'm an I'm an electrical engineer. That's my background. But I was actually a lot more interested in making products than just, you know, working with with chips. And that's how I found myself in product. And, um, all of the companies that I've worked with have been purely techie. And what drew me in to come and work with cyber is actually that beautiful combination of the tech industry and the human aspect of it. Um, training employees is, is just a wonderful experience. Mike Matchett: That human machine interface stuff has always been fascinating to me too, and I have a background as well. So we're, we're I think a lot of E's here are hiding over here in it doing, doing great things. So there's a there's only so much you can do with a soldering iron over there on the other side of the house anyway. So that's great. Tell us a little bit more though about this particular thing that Cyber Ready does. You're you're helping train employees but train them to do what what what's what is sort of the problem you're solving. Michal Gil: So cyber helps. Um, first and foremost, the security team. So we are the end goal is to train all the employees in the organization to identify phishing simulations, but also behave securely in general. And the way we do that is actually by helping the security teams do this mean they have so much on their plate and they're normally so lean in terms of the size of their team, and they have to get so much done. And without a good platform that allows them to train the employees and do a lot of those complicated processes, they just can't get that done. So that's our job to help the security teams, help them train the employees in the organization. Mike Matchett: Okay. And this is more than simply a consulting organization. So I've read you you have a you have tools and product and software that helps do this training, track people, report on them and analyze where you're at in security readiness. Right. Michal Gil: That's right. So we have our platform is based on machine learning. So we have a very complicated and clever machine learning engine that actually helps accomplish this. Because a lot of this is things that just a person can't do on their own. You have to send thousands and millions of of phishing simulations. You have to train, you have to send training, um, and learning modules. You have to track it. You have to then analyze it and decide what to do with that data, and apply specific programs and help riskier employees get better. So all of that cannot be done by a person. You have to automate it so that you can actually make it efficient and make it work. Mike Matchett: All right. So it's about bringing this. And you know, I know that there's some very large companies using using cyber ready. But what's sort of your target uh, size enterprise that you would like to work with? People with large security teams. People with small teams. Michal Gil: That's a good question. We actually have a mix. So we serve, um, teams from all over the world, and we work with companies that have only just a few hundreds of employees and also very large customers that have hundreds and thousands of employees. So for us, the industry doesn't matter. The size of the company doesn't matter. Our platform is fantastic for everyone. If you're a small company, then you're probably very lean on your security team. So you leverage our automation to help you actually run a program. And if you're a very large organization, then your team is probably bigger. But then you face other challenges, you know, training hundreds and thousands of employees globally, and then you actually need the automation to help you with that. So it really doesn't matter where you are. You really need the capabilities of cyber ready to actually run a training program effectively. Mike Matchett: Right. And there's a lot of there's a lot of reasons to do something that includes cyber ready and preparing employees from not being phished. Ransomware is a big topic everyone talks about and compliance. Even if you're not afraid of actually being hacked, you've got to be compliant. And there's there's a lot of reasons to do this. Tell us now with with kind of this, this, this SaaS delivery, you you're always developing and adding new features. What have you been working on lately? What what sort of been your recent challenges and focus on cyber ready? Michal Gil: So we've been working on a lot of things. Um, we've been working on internal communication. First of all, I think that, um, communicating in the organization is super important in order to really make a difference and change the culture. And you need to communicate with all levels in the organization from entry level employees all the way through the executive level. Um, the, you know, the employees need to know how they're doing and how they pose a risk to the organization. So they need to be aware and accountable. So you have to tell them that there's a training program in place and know how they're doing. Managers also need to know because they need to help out. Employees listen to their managers more than anyone else. Right. So you also need to communicate with them. And also the board need to know how the program is going because they want to see ROI. So no matter how you look at it, everyone needs to be part of it. Everyone needs to know what's happening. And that's part of our internal communications suite. In addition to that, we have always worked on inclusivity, and lately we've added a lot of features that help make sure that the entire organization takes part again in the training program. Um, the last features that we have released in terms of inclusivity are to first of all, we have released the poster gallery. And that's because, you know, now we all we think that we're all, you know, computer based, but there are still a lot of employees out there that don't work on computer all day. They're out in the manufacturing floor, they don't have access to computer based training, and they need to engage with security content as well. So the poster gallery is a fantastic way to get them interacting with security content. Mike Matchett: So I just have to stop there. So are we moving forwards or backwards here. We're going back from digital back to analog on our training. But that's to be more inclusive of getting catching up everybody in it. Right. Michal Gil: That's true. That's true. So yes, some people are still analog and digital and they need training as well. Um, so the posters fabulous for that. Um, and also we are making all our training pages, training exercises, training experiences, um, accessible. So the people who are online, um, some of them have disabilities. And our responsibility is to make sure that they as well can engage with training content. And that's why we have made all our training pages wcaG compliant, so that they can experience, um, training properly and engage with the content as they should mean. Mike Matchett: Really, the goal here sounds like to go from, you know, like 7,080% of the employees to to is close to 100% employee coverage. As you can. You're finding that people are able to now get closer to that goal. Michal Gil: Definitely. You just have to keep that in mind. Right. Mean you have to constantly think about about who who are your employees? Um, in the past, maybe think we've thought about it less now. There's more awareness about the different age groups that you're addressing. You've got the millennials that have a different way of interacting with content. You have to think about them. They don't necessarily read emails. Their attention span is lower. Maybe they prefer slack or teams or so. You always have to think about who you're addressing. You have a global workforce, so you have to think about languages. So we address that by translating all our content to 42 languages. We know that, you know, there's a lot of sensitivity around gender. So we make sure that all our content is gender and gender neutral. So you always have to think about it. There's always more to do. And even when you think that you're 100% inclusive, there's still more work to be done. Mike Matchett: I know, and and the bad actors out there are looking for, you know, any percentage, even 1%, would be too many people in an organization to be vulnerable to phishing and and malicious attacks. So the closer to 100% you can get, the better. That's a great thing. Um, tell me, tell me when you're looking at this. Uh, we talked a little bit before about the size of company you're aiming at. But don't don't smaller organizations also face these same challenges? And and how is that how is that emerging? Michal Gil: So yes, definitely. Small organizations face the same challenges but slightly different. So small organizations suffer from everyone's pain that it's very hard to hire professionals. And especially now, you know that there's a bit of a recession going on. So it's even harder than before. And so with a very small team or probably even non-existent team, they still need to be compliant and they still need to run a training program. And so for them, having a solution like cyber ready is um, is really important because cyber Ready allows customers a hands free, hands off experience. They can run the program on autopilot. They don't need someone who runs the product. They can just run it on autopilot and let it go and you know and see the results and be compliant, but not have to dedicate any person to actually run it. Mike Matchett: Awesome, awesome. So you can bring this you can bring this down to, you know, a reasonable package for kind of don't want, say, simpler, but a less well staffed, you know, a company that might not have a dedicated security team, for example, that can that can now start to train their employees on on phishing and the things you guys train on. Michal Gil: That's right. And so we've just recently launched an SME package for those customers that are looking to be compliant, that want to train their employees but are understaffed. So our product is till now has developed a lot of features for more complex organizations. Um, because it assumes that there are more departments, more managers. But if you look at SMEs, those are like could be just like 50 employees. They don't have very complex organizational structures. So a lot of the features that we offer our larger customers are just not relevant to them. So what we've been able to do is remove a lot of the features that they really don't need because they're so small in terms of the head count and then offer them a product that is tighter, is more, um, fitting them and offer it at a competitive price. Mike Matchett: Yeah. So better, better aligned with, with the resources they have and need because even there's, you know, there can be some very sensitive companies dealing with a lot of critical data and, and have a lot of vulnerabilities. If only 25 people. Right. It's not you know, the number of people doesn't necessarily mean the company is doing less critical work. It just means they don't have as many people to try to manage and to manage with. Michal Gil: Exactly. And and a lot of times, hackers actually prefer hacking employees that work in smaller companies because they know that maybe their security tools are not as advanced as the larger ones. Maybe it's just easier to hack. So they everyone needs to be protected. Hackers don't overlook anyone. Mike Matchett: Awesome, awesome tools there. And just to be clear, when you're using cyber ready the the the the person, you know, sort of running it or operating it or setting it up or administering it is using a SaaS kind of platform that you guys are constantly evolving, bringing forward training your machine learning on. And the training comes in to that. So it's not like anything has to really be installed internally in the IT department. And are maintained internally in the department. Michal Gil: That's true. We are completely SaaS, so it's very, very easy to set up our product. I think our fastest customers manage to set up the product and start running within 30 minutes. Mike Matchett: So that sounds like it sounds like a challenge to me. So as we're sort of running to the end here, um, if someone wants to get their hands on cyber ready and turn the buttons and maybe even start to use it, where would you point them at right now? Michal Gil: Yeah. So please visit our website. Um, you can request a demo and we'll be happy to answer all your questions. Mike Matchett: All right. And you know, folks, like you said, you could be ready in 30 minutes with a production quality solution that can start to check some of your compliance boxes and actually protect your company from some vulnerabilities it probably currently has if you're not already running cyber ready tools. Right? So thank you for being here and explaining us today, Michael. Michal Gil: Thank you, Mike, so much for having me. Mike Matchett: And check it out. All right. Take care guys.
