Overview

OutThink is a human risk management platform (SaaS) that delivers targeted security awareness training based on employees’ needs and level of risk. This is only the first step.

In the process, we get to know the employees – we measure their perceptions, intention to comply, sentiment and psychographic profile. This subjective data comes from employees’ interaction with the OutThink learning experiences.

At this point, OutThink is able to identify high risk users, segment the organisation and provide key insights into people’s attitudes towards security. This gives the CISO better visibility of human risk across the organisation and answers three fundamental questions:

  1. Who are our high-risk groups / employees?
  2. Why are these people more likely to cause a security incident / data breach?
  3. How can we support them better?


OutThink further integrates with security systems (e.g., SIEM, CASB, EDR, Web Filter, Email DLP) that clients already have in place, to measure security behaviours – objective data.

The OutThink unsupervised machine learning engine analyses subjective data in conjunction with objective data, to anticipate security breaches. We call this predictive human risk modelling, and it is important because it gives security teams the advance warning required to manage the risk of likely security incidents and data breaches.

Organisations are looking to reduce the risk of security breaches caused by employees. OutThink can support this by introducing solid measurement and scientific rigour, which will enable better human risk management decisions and drive efficiency.

OutThink helps clients go beyond traditional security awareness training (SAT), to achieve long lasting behavioural change, specifically by:

  • Simplifying & automating security awareness
  • Delivering phishing simulations with Outlook, O365, G-suite reporting button
  • Delivering targeted training, based on employees’ needs and risk
  • Delivering intelligent content directly to the users – via Email, Slack or Teams
  • Providing unparalleled visibility into the cybersecurity human factor

Prerequisites

Teams Integration
Named administrators are able to create campaigns and are sent campaign alerts and links to organization-wide summary reports via Teams.
We are currently enhancing the Teams App to introduce the ground-breaking concept of delivering real-time interactive modules, nudges, quizzes and surveys directly in Teams. Live learner responses are sent via telemetry to OutThink servers, and supplement the web-based training data, for inclusion in standard reporting and human risk intelligence.

Azure AD / OKTA Integration
OutThink natively supports the System for Cross-Domain Identity Management (SCIM v2.0). This allows clients to automatically synchronize user populations between compliant identity management solutions (such as Okta, Azure Active Directory or OneLogin) and OutThink.

EU, UK, US or UAE Hosting, in Azure
The OutThink platform is primarily hosted on the Azure cloud in Europe, with the option of having customer personal data retained within the EU (Netherlands & Republic of Ireland), UK, US or UAE. Global Content Delivery Networks (CDN) and acceleration services ensure a high speed and efficient platform for customers around the world.

Phishing Reporting Add-In
The OutThink Phishing Reporting Add-In can be centrally deployed to all (or a subset) of your Outlook users via Office Centralised Deployment. The add-in seamlessly integrates with Outlook on the Web (OWA), Outlook Desktop, and Outlook for iOS / Android. OutThink are enhancing the Reporting Add-In functionality to support equivalent functionality within Google Workspace / Gmail.
If a user decides to initiate the reporting action on a particular email, the Add-In will undertake a series of detective actions on the email, and will send relevant telemetry data to the OutThink servers, and/or relay emails to named administrators/SOC team personnel, and quarantine/remove the offending email from the user’s inbox. If required, OutThink can also integrate with third-party phishing reporting buttons such as Cofense, Proofpoint, KnowBe4, Ironscales, etc.

Integrations with Client Security Systems (Phase 2 – TBC)
OutThink will integrate with security systems clients have in place (e.g., Microsoft Defender, Sentinel), to measure user behaviours, by ingesting logs and events from the endpoint, network and cloud.
OutThink analyses this data utilising unsupervised machine learning, based on robust scientific models (behavioural economics & psychology) to predict human risk. The OutThink ML algorithms then recommend improvement actions.


Outline

OutThink delivers adaptive security awareness training (inc. phishing simulations) to users, giving defenders the overall human risk picture. This provides a solid foundation for risk-based decision making and treatment prioritisation.

Improve Engagement – Give your employees a two-way communication channel and a social learning experience to increase engagement.

Measurement – Identify users who are at risk of security incidents. What segments do they fall into, how should you engage them, and how can you better support them? With scientific models developed by Dr Shorful Islam and Professor Angela Sasse, the world’s leading voices for human-centred security, it is now possible to demonstrate human risk reduction and programme success.

Manage Human Risk – Understand and manage human risk. OutThink provides both automated (one-click) and manual improvement actions, from historically proven risk treatment methods.

Targeted Interventions – OutThink gives teams the visibility required to deliver targeted interventions (security awareness training, workshops, reengineer processes, technology and tools) and manage the risk of data breaches caused by human behaviours more effectively.

Adaptive Security Awareness Training
Training that's relevant to your employees reduces risk and productivity cost. The eLearning catalogue covers the full spectrum, as certified by the UK Government National Cyber Security Centre. It comprises 29 short (5 - 10 min) interactive modules, with 2D animation. The content and user interface are available in 18 languages - Arabic, Czech, Danish, Dutch, English, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese (Brazil / Portugal), Romanian, Slovak, Spanish (Spain / Mexico), Turkish.

The OutThink dynamic content allocation engine delivers relevant training modules, based on employees’ needs and risk. More security, more productivity.
We use storytelling, real life scenarios and characters your employees can identify themselves with. These are accompanied by supporting materials such as short videos, newsletters, screensavers.

OutThink has used an adapted version of Self Determination Theory to gamify the learning experience. High engagement during training, for example submitting a comment, rating a module, completing a module, or taking the time to learn (not clicking through), is rewarded with points. These draw on an individual’s need to demonstrate competence, autonomy, and social relatedness.

Security awareness training topics covered:

  • Introduction to Information Security
  • Email Security & Phishing
  • Web Security
  • Malware Protection
  • Storage Media (portable devices)
  • Cloud Computing
  • Remote Working (public wi-fi use)
  • BYOD & Mobile Device Security
  • Encryption
  • Passwords
  • Social Engineering
  • Social Networking
  • Information Classification
  • GDPR (a suite of 5 modules)
  • Breach Response (incident reporting)
  • Physical Security & Clear Desk

The content can be customised (translations cost), and bespoke modules can be developed (additional cost), if required. New assets are added all the time, to reflect changes in the threat landscape and ensure that your security awareness programme continues to deliver optimal results year after year.

Phishing Simulations
Most cyber-attacks against organisations start with a phishing email. Phishing is typically used to drop malware such as ransomware or a key logger. Even if technical security means exist to prevent phishing, such as email filtering, traffic monitoring and network protection, they cannot be completely effective because phishing involves an unpredictable parameter: human risk.

Initially these emails were easy to recognise, and the security team could easily detect and remove them. Phishing emails have continually improved in design and content and are increasingly more targeted.

In the last few years, we have seen well crafted, legitimate looking emails that used specific information about the organisation or the individual. By clicking on or responding to these emails an employee can potentially give access to sensitive data or have their credentials stolen.
Security departments often cannot detect these phishing emails, but employees can.

With the OutThink phishing simulations tool you can periodically send phishing emails to employees, understand the reasons behind the click and improve their ability to recognise phishing emails over time. Leveraging advancements in behavioural science, OutThink will move your users along the competence spectrum, through Notice > Aware > Demonstrating > Automaticity.

The OutThink phishing simulations and education are backed up by established psychological behaviour change and decision-making theory, empirically tested interventions, and continual research focused on both end-user vulnerabilities and changes in attacker strategies. OutThink real-time interventions focus not just on decision-making during conscious thought, but also when in heuristic mode (which is 95% of the time). You don't just measure 'clicks'; you’ll understand who, why and the best strategies for reducing the risk.

Targeting all employees with simulated generic phishing attacks will establish a baseline, assess who needs more support and track long term phishing resilience improvements.

Human Risk Intelligence
Compliance is just the beginning. Go beyond compliance.

The OutThink algorithms understand individual users, measuring their attitudes (intention, engagement, sentiment, psychographic segment) via telemetry, as they undergo cybersecurity awareness training. OutThink also measures users’ security behaviours by integrating with the security systems clients have in place - e.g., EDR, Email DLP, Web Filter, CASB or SIEM.

Using these data sets, the algorithms build an individual’s cybersecurity human risk score and, indirectly, the department/division/organisation risk score. Using OutThink you will be able to identify high risk groups, and analyse and understand why certain people are more likely to cause a breach (root cause).

Human Risk Intelligence is critically important because it answers three key questions:

  1. Who are our high-risk groups / employees?
  2. Why are these people more likely to cause a security breach?
  3. How can we support them better?

You can see the change in your human risk exposure in real-time and investigate further if security attitudes / behaviours do not improve. Visualise human risk, deliver targeted interventions and prevent data breaches like never before. This is the power of human risk intelligence!


Frequently asked questions

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

Learn more about our Virtual Classrooms.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

Learn more about QA’s online courses.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end of the course, either as a hard copy or via email. Read more here.
