←back to thread

Launch HN: Riot (YC W20) – Phishing training for your team

114 points BenjaminN | 3 comments | 24 Mar 20 17:25 UTC | HN request time: 0.298s | source

Ahoy Hacker News! I'm Ben, founder of Riot (https://tryriot.com), a tool that sends phishing emails to your team to get them ready for real attacks. It's like a fire drill, but for cybersecurity.

Prior to Riot, I was the co-founder and CTO of a fintech company operating hundred of millions of euros of transactions every year. We were under attack continuously. I was doing an hour-long security training once a year, but was always curious if my team was really ready for an attack. In fact, it kept me up at night thinking we were spending a lot of money on protecting our app, but none on preparing the employees for social engineering.

So I started a side project at that previous company to test this out. On the first run, 9% of all the employees got scammed. I was pissed, but it convinced me we needed a better way to train employees for cybersecurity attacks. This is what grew into Riot.

For now we are only training for phishing, but our intention is to grow this into a tool that will continuously prepare your team for good practices (don't reuse passwords for example) and upcoming attacks (CEO fraud is next), in a smart way.

Your questions, feedback, and ideas are most welcome. Would love to hear your war stories on phishing scams, and how you train your teams!

1. codegeek ◴[24 Mar 20 19:12 UTC] No.22677881[source]
Pricing feedback. I would love this type of training for our small team of 12 people BUT at this time, I cannot spend $199/Month even though one could argue that there is no cost high enough for security. Perhaps add another smaller tier for companies with 20 or less employees in the 2 digit range ?
replies(2): >>22677976 #>>22701268 #
2. BenjaminN ◴[24 Mar 20 19:22 UTC] No.22677976[source]
Sure! Pricing is actually very hard to set up.
3. jtthe13 ◴[27 Mar 20 08:44 UTC] No.22701268[source]
100% agree. CEO of 13 people services biz here. We're currently priced out of this when it could actually be useful. One thing of note: when we consider security tools / training, monthly is not the right frame of reference. It's either brought back to a daily expense (i.e. how does it compare in my daily costing vs. billed revenue per day), or annually, compared to an insurance premium. I know ho much my cyber liability insurance costs me and it's easier to compare on a yearly basis. FWIW, it would be an instant buy for us at 199 per year. Above this, it'll fall in the budget security bucket and under comparison with others.