Anagram, a New York-based startup, is taking a bold step in revolutionizing employee cybersecurity training with its innovative, gamified approach. Despite yearly cybersecurity training courses, human-driven breaches continue to plague organizations, and Anagram aims to change this narrative.
The company's platform offers hands-on security training for enterprises, featuring bite-sized videos and personalized interactive puzzles designed to teach employees how to spot suspicious emails and communication. This approach marks a significant departure from the traditional once-yearly, lengthy training sessions that often fail to engage employees.
Co-founder and CEO Harley Sugarman drew inspiration from popular platforms like TikTok, Duolingo, and Khan Academy, which have successfully changed user behavior outside of the security space. Anagram's training activities include tasks like having employees create their own personalized phishing emails to teach them how to spot sophisticated campaigns against themselves.
Sugarman's initial venture, Cipher, launched in 2022, focused on upskilling enterprise cybersecurity employees using the "capture the flag" training approach. However, chief information science officers (CISOs) expressed a more pressing concern: the vulnerability of their non-security employees. This realization prompted Cipher to pivot in January 2024 and rebrand as Anagram, focusing on solving this critical issue.
Anagram has seen significant growth since its pivot, securing customers like Thomson Reuters, MassMutual, and Disney. The company recently raised a $10 million Series A round led by Madrona, with participation from General Catalyst, Bloomberg Beta, and Operator Partners, among others. The funds will be used to build out its sales team and continue improving the product.
Sugarman claims that Anagram's approach has already brought company phishing failure rates down from 20% to 6%, with the goal of reaching near-zero failure rates. The startup's timing is crucial, as the advancement of generative AI is expected to make social engineering campaigns more personalized and challenging to detect.
Anagram is also developing an AI agent that will sit in enterprise employees' emails, trained to flag potential cybersecurity slip-ups before they happen. This agent will provide safeguards like prompting users to confirm sensitive information sharing, further enhancing the platform's effectiveness.
Sugarman remains optimistic about humans' ability to adapt and learn, citing achievements like building skyscrapers and space travel. He believes that with the right approach, people can learn to avoid suspicious links and prevent cybersecurity breaches.
As the cybersecurity landscape continues to evolve, Anagram's innovative approach may be the key to empowering employees to become a strong line of defense against increasingly sophisticated threats.