London, UK-based Think Cyber Security has raised £3 million (approximately $3.8 million) in a late seed funding round led by Fuel Ventures. The total funds raised to date comes to £3.6 million ($4.5 million).
Think Cyber is focused on reducing ‘bad’ behavior by staff. This goes beyond the social engineering susceptibility to phishing and other scams. Its product, Redflags, is a real-time subscription solution designed to increase secure behavior through the concept of ‘nudging’. Simple awareness training is not sufficient – users need to practice ‘good’ behavior beyond simply acknowledging poor behavior and bad intent.
Nudging is the process of teaching this good behavior through gentle nudges – it supplements technical controls and traditional learning methods. The concept goes beyond external attacks, such as phishing. It can be used to reduce accidental internal poor behavior – such as misdirected emails, poor password hygiene, and weak use of gen-AI (such as ChatGPT).
Nudges are delivered in real time at the moment of risk – when an external link might be clicked, or a password entered. It is considered more effective to nudge good behavior than simply teach bad behavior – psychologically, doing good provides more effective learning than teaching bad.
Robert Coles, former CISO of NHS, GSK, and National Grid, comments, “CISOs know that phishing simulations have limited effect and that we can all fall for tricks when we are vulnerable; awareness campaigns only work for a short period before people forget the messages.” With Redflags, he continues, “messages can be tailored and delivered ‘in the moment’ as someone is about to do something risky.”
The purpose of Redflags, initially funded through research grants from InnovateUK, supports the idea of ‘get the basics’ right – in this case by improving secure behavior from what used to be considered ‘the weakest link’ in security – a company’s own staff.
Think Cyber was founded in 2016 by Mike Butler (CTO) and Tim Ward (CEO). Butler was formerly global head of information security at BAE Systems Applied Intelligence, while Ward was global head of information services. BAE Systems Applied Intelligence was formed in 2014 through rebranding Detica, which BAE Systems acquired in 2008.
Related: Security Awareness Training Isn’t Working – How Can We Improve It?
Related: Nudge Security Bags $7M Seed Round
Related: Vista Equity Partners to Buy Security Awareness Training Firm KnowBe4 for $4.6B
