- OutKept, a cybersecurity startup which leverages the power of an ethical phisher community to help organizations prevent phishing, has raised a €500K seed round
- The round is led by Czech VC Presto Ventures and angel investors, with Presto providing €250K of the investment
- The investment will be used to scale the platform internationally and bring OutKept’s innovative approach for higher quality phishing simulations to new markets.
OutKept is a phishing simulation platform that help organizations reduce human cyber risk with automated high-quality phishing simulations that are created on their platform by an open community of ethical phishers.
The ethical phishers are rewarded for creating successful phishing emails with bounties, similar to bug bounty programs for ethical hackers. A smart, ‘Darwinistic’ algorithm ensures successful phishing emails are distributed more to relevant target groups, and less successful simulations are eliminated. This significantly boosts quality.
Over time, clients see less interactions with phishing emails, and alertness to phishing is maintained continuously without requiring campaign management or content creation by the IT manager. In just 2 to 3 months, OutKept typically reduces the amount of interactions with phishing emails by half.
“We started OutKept with the belief that cybersecurity is a real cat-and-mouse game, and so you better have many cats on your side. Community-based models and bounty rewards have proven themselves to be highly effective in cybersecurity, and with OutKept, we bring this logic to phishing prevention. Our phishing simulations are powered by a community of ethical phishers, some of them already leveraging the latest AI technologies just like real phishers do. We’re very happy to have raised funding that will allow us to reach many new organizations and ethical phishers around the world,” said Simon Bauwens, co-founder of OutKept.
Phishing scams keeps evolving
Over 90% of cyber attacks begin with or include phishing, which means they deserve the attention of organizations looking to protect themselves. As phishing attacks have doubled or tripled year over year since the corona pandemic, the increased concern of becoming the target of such an attack is driving the market.
Employees are often considered the weakest link, a risk that is addressed with human risk mitigating solutions like phishing simulation campaigns.
Phishing scams keep evolving, and therefore OutKept believes the ‘do-it-yourself with some templates’ approach is outdated: their open ethical phisher community, sometimes with a little help of AI, ensures their campaigns include up-to-date, targeted simulations around the world, in exchange for bounties. OutKept adds the educational feedback (the training) that users see when they interact with a phishing simulation email, eg. if they click on a suspicious link or share their credentials.
“It is remarkable to see that there are various platforms to combat hacking through a crowdsourced community, but virtually no solution that prevents phishing in a similar way. At the beginning of OutKept, we faced a technical challenge in turning phishing content, which could come from literally anyone, into secure content for training purposes. But with the support of our community and investors, and a fine piece of technology, we have successfully started our journey to bring bug bounty hunting to the world of social engineering.” Dieter Tinel, co-founder of OutKept, said in a statement.
The ethical phishers in the OutKept’s community earn more if their mails are more credible, just like in the real-world phishers. The application of a public community model and bug bounty reward system in (ethical) phishing leads to exceptional quality and diversity of simulations which is beneficial for organizations looking to train their employees in times of all time high numbers of phishing attacks.
For Presto Ventures, the company’s unique approach to tackling phishing threats is what has been crucial for making their investment.
”OutKept’s strategy of crowdsourcing potential phishing emails and educating their clients’ employees aligns perfectly with the current needs of enterprise security, especially in the face of increasingly sophisticated AI-fueled social engineering attacks. This proactive and educational approach is a key player in strengthening the weakest link in current enterprise cybersecurity: human awareness.” Eduard Kucera, partner Presto Ventures, explains.