

Social engineering attacks are on the rise. These low-tech but high-impact attacks - where hackers manipulate employees into granting them access to companies’ services and data - increased almost threefold last year, and have so far this year claimed several high-profile victims, from Twilio and Mailchimp to Revolut, and most recently Uber. As these big names demonstrate, these kinds of attacks can be hard for even the most well-resourced organizations to protect against. Now, cybersecurity startup Nudge Security is emerging from stealth to help organizations tackle what they think is the biggest cybersecurity weakness: people. The fully remote company - with outposts in Austin, Texas and Jackson, Wyoming - was founded in 2021 by ex-AlienVault software engineers Russell Spitler and Jaime Blasco, who believe the only way to address the “people problem” is to make employees part of the solution. As its name suggests, its product does that by “nudging” employees toward optimal security behaviors, such as switching on multi-factor authentication (MFA) or changing their password if it has been involved in a breach.

The company’s security offering continuously uncovers historical and new software-as-a-service assets across an organization, including SaaS supply chains and OAuth grants, without relying on network infrastructure, endpoint agents, browser extensions or API integrations. When there’s a new “security critical” event, such as the creation of a new account or the installation of a new app, Nudge engages with that employee to ensure they are making good security choices. For example, if an employee downloads Dropbox but the organization uses Google Drive, Nudge will start a dialogue to understand why that decision has been made. “We act as a sidecar in a way that allows employees to engage with the security team and allows the centralized team to still have visibility into what’s going on, set policies and have employees be part of that process in a way that doesn’t disrupt their work,” Nudge’s Spitler told TechCrunch. “We believe that every employee has the potential to behave in ways that support and strengthen the organization’s cybersecurity posture, it’s just not always simple or straightforward to do so.” To ensure employees engage with these prompts, Nudge worked with Aaron Kay, a professor of psychology at Duke University, who showed the startup how it can use foundational research done in psychology to establish a relationship between its product and end users.

“We’re trying to engage employees, and make sure we’re not coming across in a way that’s slapping your hands or waving a big red warning banner,” Spitler added.
