114 points BenjaminN | 4 comments

Ahoy Hacker News! I'm Ben, founder of Riot (https://tryriot.com), a tool that sends phishing emails to your team to get them ready for real attacks. It's like a fire drill, but for cybersecurity.

Prior to Riot, I was the co-founder and CTO of a fintech company operating hundreds of millions of euros of transactions every year. We were under attack continuously. I was doing an hour-long security training once a year, but was always curious if my team was really ready for an attack. In fact, it kept me up at night thinking we were spending a lot of money on protecting our app, but none on preparing the employees for social engineering.

So I started a side project at that previous company to test this out. On the first run, 9% of all the employees got scammed. I was pissed, but it convinced me we needed a better way to train employees for cybersecurity attacks. This is what grew into Riot.

For now we are only training for phishing, but our intention is to grow this into a tool that will continuously prepare your team for good practices (don't reuse passwords for example) and upcoming attacks (CEO fraud is next), in a smart way.

Your questions, feedback, and ideas are most welcome. Would love to hear your war stories on phishing scams, and how you train your teams!

1. brian_herman__ ◴[] No.22677167[source]
How do you differentiate yourself from places like https://www.knowbe4.com/ which offer free services against phishing?
replies(1): >>22677252 #
2. BenjaminN ◴[] No.22677252[source]
I tried Knowbe4, I think it's a horrible product.

I heard once you try the "free service" they call you daily to sign you up for the paid plan.

replies(2): >>22678108 #>>22678850 #
3. thrownaway954 ◴[] No.22678108[source]
i used knowbe4 before and I found their product to be very good and easy to use. also i like that they had training videos and assessment tests as part of their packages. i didn't see anything on your site pertaining to this.
4. jiveturkey ◴[] No.22678850[source]
like sibling, i found knowbe4 to be pretty good. easy to set up, easy to use, great support, pretty comprehensive.

not perfect, mind you, but still pretty good.

they do bug the hell out of you but who cares? it's just one of dozens of calls i have to ignore on the daily. i told them to back off and they did.

i'll tell you what product is actually horrible, and perhaps ironically so. SANS security training (phishing part relevant here, but the entire suite is horrid). just stay away, don't waste a minnit evaluating it.