OutThink Human Risk Management

Teams Integration
Named administrators are able to create campaigns and are sent campaign alerts, links to organization-wide summary reports via Teams.
We are currently enhancing the Teams App to introduce the ground-breaking concept of delivering real-time interactive modules, nudges, quizzes and surveys directly in Teams. Live learner responses are sent via telemetry to OutThink servers, and supplement the web-based training data, for inclusion in standard reporting and human risk intelligence.

Azure AD / OKTA Integration
OutThink natively supports the System for Cross-Domain Identity Management (SCIM v2.0). This allows clients to automatically synchronize user populations between compliant identity management solutions (such as Okta, Azure Active Directory or OneLogin) and OutThink.

EU, UK, US or UAE Hosting, in Azure
The OutThink platform is primarily hosted on the Azure cloud in Europe, with the option of having customer personal data retained within the EU (Netherlands & Republic of Ireland), UK, US or UAE. Global Content Delivery Networks (CDN) and acceleration services ensure a high speed and efficient platform for customers around the world.

Phishing Reporting Add-In
The OutThink Phishing Reporting Add-In can be centrally deployed to all (or a subset) of your Outlook users via Office Centralised Deployment. The add-in seamlessly integrates with Outlook on the Web (OWA), Outlook Desktop, and Outlook for iOS / Android. OutThink are enhancing the Reporting Add-In functionality to support equivalent functionality within Google Workspace / Gmail.
If a user decides to initiate the reporting action on a particular email, the Add-In will undertake a series of detective actions on the email, and will send relevant telemetry data to the OutThink servers, and/or relay emails to named administrators/SOC team personnel, and quarantine/remove the offending email from the user’s inbox. If require OutThink can also integrate with 3rd party phishing reporting button like Cofense, Proofpoint, Knowbe4, Ironscales, etc.

Integrations with Client Security Systems (Phase 2 – TBC)
OutThink will integrate with security systems clients have in place (e.g., Microsoft Defender, Sentinel), to measure user behaviours, by ingesting logs and events from the endpoint, network and cloud.
OutThink analyses this data utilising unsupervised machine learning, based on robust scientific models (behavioural economics & psychology) to predict human risk. The OutThink ML algorithms then recommend improvement actions.

OutThink delivers adaptive security awareness training (inc. phishing simulations) to users, giving defenders the overall human risk picture. This provides a solid foundation for risk-based decision making and treatment prioritisation.

Improve Engagement – Give your employees a two-way communication channel, social learning experience to increase engagement

Measurement – Identify users who are a risk of security incidents. What segments do they fall into and how to engage, how to better support them? With scientific models developed by Dr Shorful Islam and Professor Angela Sasse, the world’s leading voices for human-cantered security, it is now possible to demonstrate human risk reduction and programme success.

Manage Human Risk – Understand and manage human risk. OutThink provides both automated (one-click) and manual improvement actions, form historically proven risk treatment methods.

Targeted Interventions – OutThink gives teams the visibility required to deliver targeted interventions (security awareness training, workshops, reengineer processes, technology and tools) and manage the risk of data breaches caused by human behaviours more effectively.

Adaptive Security Awareness Training
Training that's relevant to your employees, reduces risk and productivity cost. The eLearning catalogue covers the full spectrum, as certified by the UK Government National Cyber Security Centre. It comprises of 29 short (5 - 10 min) interactive modules, with 2D animation. The content and user interface is available in 18 languages - Arabic, Czech, Danish, Dutch, English, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese (Brazil / Portugal), Romanian, Slovak, Spanish ( Spain / Mexico), Turkish.

The OutThink dynamic content allocation engine delivers relevant training modules, based on employees’ needs and risk. More security, more productivity.
We use storytelling, real life scenarios and characters your employees can identify themselves with. These are accompanied by supporting materials such as short videos, newsletters, screensavers.

OutThink has used an adapted version of Self Determination Theory to gamify the learning experience. High engagement during training, for example submitting a comment, rating a module, completing a module, taking the time to learn (not clicking through) are all rewarded with points. These draw on an individuals’ need to demonstrate competence, autonomy, and social relatedness.

Security awareness training topics covered:

• Introduction to Information Security
• Email Security & Phishing
• Web Security
• Malware Protection
• Storage Media (portable devices)
• Cloud Computing
• Remote Working (public wi-fi use)
• BYOD & Mobile Device Security
• Encryption
• Passwords
• Social Engineering
• Social Networking
• Information Classification
• GDPR (a suite of 5 modules)
• Breach Response (incident reporting)
• Physical Security & Clear Desk

The content can be customised (translations cost), and bespoke modules can be developed (additional cost), if required. New assets are added all the time, to reflect changes in the threat landscape and ensure that your security awareness programme continues to deliver optimal results year after year.

Phishing Simulations
Most cyber-attacks against organisations start with a phishing email. Phishing is typically used to drop malware such as ransomware or a key logger. Even if technical security means exist to prevent phishing, such as email filtering, traffic monitoring and network protection, they cannot be completely effective because phishing involves an unpredictable parameter: human risk.

Initially these emails were easy to recognise, and the security team could easily detect and remove them. Phishing emails have continually improved in design and content and are increasingly more targeted.

In the last few years, we have seen well crafted, legitimate looking emails that used specific information about the organisation or the individual. By clicking on or responding to these emails an employee can potentially give access to sensitive data or have their credentials stolen.
Security departments often cannot detect these phishing emails, but employees can.

With the OutThink phishing simulations tool you can periodically send phishing emails to employees, understand the reasons behind the click and improve their ability to recognise phishing emails over time. Leveraging advancements in behavioural science, OutThink will move your users along the competence spectrum, through Notice> Aware> Demonstrating> Automaticity.

The OutThink phishing simulations and education are backed up by established psychological behaviour change and decision-making theory, empirically tested interventions, and continual research focused on both end-user vulnerabilities and changes in attacker strategies. OutThink real-time interventions focus not just on decision-making during conscious thought, but also when in heuristic mode (which is 95% of the time). You don't just measure 'clicks' you’ll understand who, why and the best strategies to reducing the risk.

Targeting all employees with simulated generic phishing attacks will establish a baseline, assess who needs more support and track long term phishing resilience improvements.

Human Risk Intelligence
Compliance is just the beginning. Go beyond compliance.

The OutThink algorithms understand individual users, measuring their attitudes (intention, engagement, sentiment, psychographic segment) via telemetry, as they undergo cybersecurity awareness training. OutThink also measures users’ security behaviours by integrating with the security systems clients have in place - e.g., EDR, Email DLP, Web Filter, CASB or SIEM.

Using these data sets, the algorithms build an individual’s cybersecurity human risk score and, indirectly, the department/division/organisation risk score. Using OutThink you will be able to identify high risk groups, analyse and understand why are certain people more likely to cause a breach (root cause).

Human Risk Intelligence is critically important because it answers three key questions:

1. Who are our high-risk groups / employees?
2. Why are these people more likely to cause a security breach?
3. How can we support them better?

You can see the change in your human risk exposure in real-time and investigate further if security attitudes / behaviours do not improve. Visualise human risk, deliver targeted interventions and prevent data breaches like never before. This is the power of human risk intelligence!