cyberconIQ: A Deep Dive – Part 1: Patented Approach
November 7, 2022 | By: Jonathan Care
The concept of using elements of psychology and human nature to improve cybersecurity might seem a little bit impractical and even esoteric to some. After all, better threat detection, better firewalls, and more robust DDOS mitigation are all the rage right now. Why delve into the human mind?
Statistics provide the answer to that question. The cybercrime watchdog APWG reported that phishing has tripled between early 2020 and late 2022. Hackers and scammers aren’t taking on the hardware. They’re going after the ‘wetware’ – the human brain.
cyberconIQ claims to have an effective answer to this issue… a concept so unique that they’ve patented it. Do they really have an answer to the phishing email problem? Let’s find out.
Four to Six Times More Effective against Phishing Emails
Some anti-social-engineering systems and courses are little more than snake oil. They have slick presentations, but their effectiveness is on par with any mass corporate training on cybersecurity. Forbes points out that most of these programs are stale, long winded, and a waste of time.
But cyberconIQ is clearly doing something right. Companies that underwent the training showed an employee confidence boost in the 90th percentile range. They also said that their people were four to six times more likely to properly handle phishing emails.
Why? Well, here’s where the patented process comes in.
cyberconIQ is able to affect true behavioral change in employees. They do this by actually changing the course material and presentation depending on the participant’s attitude towards risk. That makes every student sit up and listen, because it feels like the program is speaking directly to them.
This is due to their patented ‘myQ’ system. Each student is rated on two axes: Risk Averse to Risk Tolerant, and Rule-Following to Rule-Breaking. Then, depending on how heavily they swing in a particular direction, cyberconIQ tweaks the course material so that they’ll not only understand, but enjoy their cybersecurity training.
This student evaluation process has a 93.7% accuracy rating in risk style assessment. Not bad for a bunch of lines of code. But when looking at these results, it helps to understand the mind behind the grand scheme: that of Dr. James L. Norrie.
Applying Humanity to Cybersecurity
James Norrie is not only the founder of cyberconIQ, he’s also a professor at York College of Pennsylvania. As of 2022, he’s written half a dozen books, appeared on countless shows as a social engineering expert, and helped scores of organizations avoid being overtaken by hackers.
His stated mission is to provide cybersecurity education that ‘inspires hope and dissipates fear’ by modifying online behavior, thus making the Internet a safer place for everyone.
This unique blend of science and kindness is seen throughout cyberconIQ’s DNA. You feel it in the presentation materials, you see it in the way that cybersecurity and psychology are delicately intertwined throughout the process; you can even hear it in his voice when he’s talking about his brainchild. One of his main ‘CYBERology’ principles is spreading out the responsibility for cybersecurity to everyone in an organization. He wants to make it clear that this is a team effort, and nobody is alone. This harkens back to tribal instincts: Every eye watches out for the tribe; every hand is held out to assist the tribe in times of need.
It’s Patented, but is it Effective?
The myQ system holds a patent, but does it walk the talk? Clients seem to think so. Security Magazine talked to a few clients who used the system, and they all had very positive reviews. cyberconIQ’s global partner list demonstrates that other security firms believe in this innovative approach to draw upon them as specialists in the field rather than attempting to design their own solution to social engineering defense and education.
The typical searches for negative reviews yielded absolutely nothing. There’s nearly always a high profile detractor available to provide a sharp counterpoint to any successful cybersecurity business. But not in this case.
By all accounts, the patented myQ combined with cyberconIQ’s dynamic educational system simply works. In addition, they offer a very affordable version, academIQ, which teaches grade school and high school kids about online risks.
Where’s the Proof?
Let’s assume that goodwill follows good intentions, and the lack of detractors is because nobody wants to get tagged for being a sourpuss in the media. Everything we’ve seen so far is anecdotal, or a broad summary of what might be a few edge cases. What happens if we dig deeper? We do exactly that in our next instalment: cyberconIQ – Proven. In the next article in this series, we take a deep dive into the actual process and results of the myQ system, as well as some of the more technical phishing email defenses that cyberconIQ provides.
For more about reducing Human Cyber Risk and our patented approach, contact us today.