If there’s one common factor in most security breaches, it’s that people are involved. Humans are the cause of insecure passwords, lost secrets, and compromised data, if only because humans have trouble remembering security details. While there are technical causes for many breaches, even there it is often the human factor that ultimately leads to technical weakness. Dealing with the human factor is where Right Hand Cyber ​​Security is coming.

The company built a “human risk management platform” to “help organizations measure which employees are most prone to breach, then provide targeted incentives and micro-modular training to help employees reduce risk,” says Theo Nasser, co-founder and CEO cyber security right hand.

Beyond the significant financial losses resulting from these incidents, one lesson is becoming increasingly clear: people remain the weakest link in the chain of cybersecurity systems. The vast majority of cyber attacks are caused by human error (such as clicking on a phishing link), using a found USB flash drive, or careless behavior (such as sharing sensitive information outside of a company’s network).

Nasser said that by aggregating user data from its existing suite of cyber security tools, the company creates a vector list of network vulnerabilities. In turn, Right-Hand’s system takes into account components of users’ risk scores to provide highly individualized training materials to correct behavior in real time, rather than, say, once a quarter.

Cyber ​​breaches and attacks on large organizations have become a common feature of today’s IT industry. For example, the WannaCry hacks in 2017, the Colonial Pipeline ransomware attack in 2021, and the San Francisco 49ers ransomware attack in 2022 are just a few of the many that involve mistakes made by people charged with securing those networks.

However, many mainstream vendors designing the latest and most sophisticated cyber security tools are still heavily focused on technical vulnerabilities that are often the vectors for ransomware and other devastating attacks, while not always paying attention to the human factor.

Focus on people

That’s why Right Cybersecurity is refocusing on the people who must perform the tasks of protecting their businesses. To achieve this, one of the most important areas of concentration is training, which is often neglected by companies. Right Hand Cyber ​​Security gives focus to training.

“We provide training in real time, to the individual, based on what they need to know, when they need to know it, and why,” says Nasser. “It’s alert-based training; it is behavior-based training and is intended to complement company compliance.”

Right-Hand’s training modules range from helping users generate strong passwords to recognizing phishing attacks or the characteristics of fraudulent websites, among many others, with the aim of simulating real-life scenarios and providing experiential and adaptive learning. In addition, Right-Hand’s back-end technology integrates AI to interpret behavior and select customized learning materials that are most appropriate for a given user.

“Each employee is given a learning path and a learning curriculum on cybersecurity best practices based on their very specific risks that they exhibit,” says Nasser. “We provide tons of content on all different topics. It’s basically a mix of a learning management system combined with a highly gamified experience where we embed AI to deliver tailored learning that is personalized to the needs of each individual user. So instead of your one-size-fits-all training, we’re able to deliver personalized, user-based training at scale.”

Nasser’s company is used in highly regulated industries, such as banking and utilities, as well as in verticals involving large networks such as education. These sectors, Nasser says, require “more than just field checks” when it comes to cybersecurity training.

Nasser and his team at Right-Hand are leading cybersecurity professionals in an often-overlooked direction—one that focuses on the human dimension of risk and ways to change behaviors that are often the biggest factor in major attacks.