←back to thread

Launch HN: Riot (YC W20) – Phishing training for your team

114 points BenjaminN | 7 comments | 24 Mar 20 17:25 UTC | HN request time: 0s | source | bottom

Ahoy Hacker News! I'm Ben, founder of Riot (https://tryriot.com), a tool that sends phishing emails to your team to get them ready for real attacks. It's like a fire drill, but for cybersecurity.

Prior to Riot, I was the co-founder and CTO of a fintech company operating hundred of millions of euros of transactions every year. We were under attack continuously. I was doing an hour-long security training once a year, but was always curious if my team was really ready for an attack. In fact, it kept me up at night thinking we were spending a lot of money on protecting our app, but none on preparing the employees for social engineering.

So I started a side project at that previous company to test this out. On the first run, 9% of all the employees got scammed. I was pissed, but it convinced me we needed a better way to train employees for cybersecurity attacks. This is what grew into Riot.

For now we are only training for phishing, but our intention is to grow this into a tool that will continuously prepare your team for good practices (don't reuse passwords for example) and upcoming attacks (CEO fraud is next), in a smart way.

Your questions, feedback, and ideas are most welcome. Would love to hear your war stories on phishing scams, and how you train your teams!

1. equidistant ◴[24 Mar 20 18:03 UTC] No.22676993[source]
That's an unfortunate business name
replies(1): >>22677040 #
2. BenjaminN ◴[24 Mar 20 18:06 UTC] No.22677040[source]
Definitely bad timing. My experience with names: they are never good enough.

What I look for in a name:

1. If I say it out loud, you know how to write it.

2. If I say it out loud today, you remember it tomorrow.

On that 2 criteria, Riot works quite well I think.

replies(1): >>22677044 #
3. equidistant ◴[24 Mar 20 18:07 UTC] No.22677044[source]
It's bad in that there's already a very popular game company named Riot (Games) which everyone refers to as 'Riot'.
replies(2): >>22677146 #>>22677338 #
4. BenjaminN ◴[24 Mar 20 18:14 UTC] No.22677146{3}[source]
Some people know League of Legends, most don't know Riot Games. And I double checked: Riot Games don't own a trademark for anything related to cybersecurity.
replies(2): >>22679414 #>>22682601 #
5. thenewnewguy ◴[24 Mar 20 18:27 UTC] No.22677338{3}[source]
Disagree, I have serious doubts you could confuse the two. I can see almost no context where 'Riot (Games)' and 'Riot (Anti-Phish Company)' could be meaningfully confused.
6. Arathorn ◴[24 Mar 20 21:48 UTC] No.22679414{4}[source]
Unfortunately that doesn't seem to stop them going after companies with Riot in their name (even though Riot is also a dictionary word) :(
7. pipework ◴[25 Mar 20 07:16 UTC] No.22682601{4}[source]
Way more people already know riot games and league of legends than will ever know about your security startup, so I don't see what they're upset about for you. Hand-wringing, perhaps?