Threat awareness startup HackNotice has raised $7 million in a Series A funding round led by Strategic Cyber Ventures and Lytical Ventures. The funding will primarily be used to build the team around an already mature product.
The flagship product upends the usual notion of threat awareness. Its primary purpose is not to deliver security awareness training to staff, but to deliver notification of a specific threat affecting individual users in – effectively – realtime. The purpose is to involve users in their own cyber defense.
The HackNotice product was released at the end of 2020 in the middle of the COVID pandemic. “From the beginning,” CEO and co-founder Steve Thomas told SecurityWeek, “we had the view that hackers hack through people. We need to make every employee aware of how they’re being targeted while they’re being threatened, and then help them protect themselves.”
Thomas has always believed that traditional security training simply doesn’t work, and concluded the primary problem was a failure to deliver motivation to the user. The HackNotice belief is that motivation comes from involvement.
The company scrapes the dark net for every bit of information it can gather. This is standard practice from threat intelligence firms. Where HackNotice differs, explained Thomas, is, “We have a platform that distributes that knowledge to every employee, but limited to only what is relevant to each employee.”
Every company using the service enrolls its employees. Those employees tell HackNotice which websites they tend to visit, both professionally and personally. Privacy is central to the solution – the employee can specify that ‘personal websites’ and ‘personal identities’ should not be made known to the employer. These are not disclosed to the company; but the employee has the benefit of increased protection at home as well as at work – and by extension, this includes added protection for the family.
This is where the uniqueness of the HackNotice service begins. “So, we start off with the security events and we say okay, if you use T Mobile, well T Mobile was just broken into. Here’s the type of information that was stolen from you. Here’s how hackers could use that against you.”
The platform enumerates the different threats that hackers would pose with the stolen information. “For example,” he continued, “if attackers steal your financial data, then they could attempt wire fraud; so, we give the user ways that they can protect themselves. We use every real security event as a learning experience – learning through doing and acting, showing the user how to respond to an actual and personal threat. Our primary goal in interacting with the employee is to get them to protect themselves.”
This increased protection spreads outwards to both the company and the family, and suggests HackNotice, provides a much better security awareness ROI than just periodic or even continuous security awareness training sessions.
The service is based on HackNotice researchers embedded in hundreds of hacker forums, gaining access to the same files used and shared by the criminals. From these, HackNotice ingests hundreds of gigabytes of dark data daily. The platform breaks down the files and indexes the content.
“As soon as something is in our index, we start alerting from it. So, let’s say that we see your password today,” continued Thomas. “As soon as it hits our index, we then generate an alert, and that alert is going to go to you and it’s going to contain all the actionable information that you need. All this happens in realtime. From the moment a hacker discloses a password to the moment the user is notified will take from a few minutes to, at the most, a few hours.”
The platform and the service are ready to scale. All that is required for growth is an increased and enhanced team. This is the primary purpose for and use of the new funding.
“HackNotice believes that threat awareness is the future of employee-based cybersecurity,” explains Thomas. “Proactive cybersecurity is a priority for businesses because of the constant increase in ransomware and cyberattacks. HackNotice provides companies with a best-in-class threat awareness platform, filling in the employee security and threat awareness gap.”
Related: Dark Hash Collisions: New Service Confidentially Finds Leaked Passwords
Related: Deep Analysis of More than 60,000 Breach Reports Over Three Years
Related: The Many Faces of Threat Intelligence Part 1: Identifying the Problems
Related: Security Awareness Training Firm KnowBe4 Raises $300 Million
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
- UK Introduces Mass Surveillance With Online Safety Bill
- Blockchain Security Firm True I/O Raises $9 Million
- Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report
- QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography
- SecurityScorecard Guarantees Accuracy of Its Security Ratings
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Burnout in Cybersecurity – Can It Be Prevented?
- Verosint Launches Account Fraud Detection and Prevention Platform
Latest News
- Anti-Bot Software Firm DataDome Banks $42M Financing
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Why Endpoint Resilience Matters
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- UK Introduces Mass Surveillance With Online Safety Bill
