Threat awareness startup HackNotice has raised $7 million in a Series A funding round led by Strategic Cyber Ventures and Lytical Ventures. The funding will primarily be used to build the team around an already mature product.
The flagship product upends the usual notion of threat awareness. Its primary purpose is not to deliver security awareness training to staff, but to deliver notification of a specific threat affecting individual users in – effectively – realtime. The purpose is to involve users in their own cyber defense.
The HackNotice product was released at the end of 2020 in the middle of the COVID pandemic. “From the beginning,” CEO and co-founder Steve Thomas told SecurityWeek, “we had the view that hackers hack through people. We need to make every employee aware of how they’re being targeted while they’re being threatened, and then help them protect themselves.”
Thomas has always believed that traditional security training simply doesn’t work, and concluded the primary problem was a failure to deliver motivation to the user. The HackNotice belief is that motivation comes from involvement.
The company scrapes the dark net for every bit of information it can gather. This is standard practice from threat intelligence firms. Where HackNotice differs, explained Thomas, is, “We have a platform that distributes that knowledge to every employee, but limited to only what is relevant to each employee.”
Every company using the service enrolls its employees. Those employees tell HackNotice which websites they tend to visit, both professionally and personally. Privacy is central to the solution – the employee can specify that ‘personal websites’ and ‘personal identities’ should not be made known to the employer. These are not disclosed to the company; but the employee has the benefit of increased protection at home as well as at work – and by extension, this includes added protection for the family.
This is where the uniqueness of the HackNotice service begins. “So, we start off with the security events and we say okay, if you use T Mobile, well T Mobile was just broken into. Here’s the type of information that was stolen from you. Here’s how hackers could use that against you.”
The platform enumerates the different threats that hackers would pose with the stolen information. “For example,” he continued, “if attackers steal your financial data, then they could attempt wire fraud; so, we give the user ways that they can protect themselves. We use every real security event as a learning experience – learning through doing and acting, showing the user how to respond to an actual and personal threat. Our primary goal in interacting with the employee is to get them to protect themselves.”
This increased protection spreads outwards to both the company and the family, and suggests HackNotice, provides a much better security awareness ROI than just periodic or even continuous security awareness training sessions.
The service is based on HackNotice researchers embedded in hundreds of hacker forums, gaining access to the same files used and shared by the criminals. From these, HackNotice ingests hundreds of gigabytes of dark data daily. The platform breaks down the files and indexes the content.
“As soon as something is in our index, we start alerting from it. So, let’s say that we see your password today,” continued Thomas. “As soon as it hits our index, we then generate an alert, and that alert is going to go to you and it’s going to contain all the actionable information that you need. All this happens in realtime. From the moment a hacker discloses a password to the moment the user is notified will take from a few minutes to, at the most, a few hours.”
The platform and the service are ready to scale. All that is required for growth is an increased and enhanced team. This is the primary purpose for and use of the new funding.
“HackNotice believes that threat awareness is the future of employee-based cybersecurity,” explains Thomas. “Proactive cybersecurity is a priority for businesses because of the constant increase in ransomware and cyberattacks. HackNotice provides companies with a best-in-class threat awareness platform, filling in the employee security and threat awareness gap.”
Related: Dark Hash Collisions: New Service Confidentially Finds Leaked Passwords
Related: Deep Analysis of More than 60,000 Breach Reports Over Three Years
Related: The Many Faces of Threat Intelligence Part 1: Identifying the Problems
Related: Security Awareness Training Firm KnowBe4 Raises $300 Million