Lukas Schaefer, Niklas Hellemann and Felix Schürholz want to prepare employees for hacker attacks as realistically as possible.
(Photo: SoSafe)
Dusseldorf Even a simple e-mail from a supposed colleague can become a trap: a wrong click on a link or an attached file can give hackers access to the entire company network. For Niklas Hellemann, founder of the cybersecurity start-up Sosafe, the shock of the alleged phishing attack is part of the business model. His company fakes hacker attacks, sends phishing emails or asks users to log on to certain websites. Anyone who falls into the trap will be redirected to their learning platform.
Instead of dry seminars, this platform relies on the human play instinct. Users take part in a kind of quiz, collect badges and can see their progress in a success overview. There are videos and courses.
“Gamification is also used in our industry,” says Hellemann. “We have to make employees part of the active defense.” The click rates are saved via an analytics dashboard and employers can view them anonymously.
The founders have already had success with their business idea: Hellemann has sold the “Cyber Awareness Software” to the retail chain Aldi, the energy company Vattenfall, the fashion brand Marc O’Polo and the drugstore chain Rossmann. Since it was founded in 2018, the number of employees has tripled to 250. The turnover is “in the eight-digit range”, Hellemann does not want to be more precise – i.e. at least ten million euros. Tendency: strongly increasing.
Top jobs of the day
Find the best jobs now and
be notified by email.
The interest of venture capitalists is correspondingly large, Sosafe collected 73 million US dollars a few days ago. The investors include the SAP subsidiary Hybris and the investment fund La Famiglia – Rocket Internet got involved in 2018.
The three founders Lukas Schaefer, Niklas Hellemann and Felix Schürholz want to use the investor money to strengthen their international business. Sosafe is currently active in 30 countries. Sosafe’s idea is not unique, the start-up competes with one of the world’s leading providers of intelligent phishing defense solutions from the USA, Cofense, and the US cybersecurity platform Knowbe4. Whoever buys the software acquires a license to use the product for a period of one to three years.
On average, cyber security costs 2.2 million euros
The demand for cybersecurity software is high. According to a study by the insurance company Hiscox, German companies spend an average of almost 2.2 million euros on protection against hacker attacks. On average, they have to pay over 20,000 euros if they are the victim of a cyber attack. This puts them in first place, ahead of companies in the US, Ireland, the UK, Belgium, the Netherlands, France and Spain.
“The costs of eliminating damage from cyber attacks are immense,” says Sosafe founder Hellemann. Therefore large and small companies are willing to spend money on the software. He even speaks of the “pain that entrepreneurs suffer”. Because sometimes hackers not only paralyze the company network – they can also make confidential data public or even sell it on to criminals.
Human safety risk: Gut feeling also protects
Behind Hellemann’s software is psychology. Since his studies, the qualified psychologist has been fascinated by the motives that influence human actions. “Most hacker attacks start with the human factor,” he says. “That’s why we have to focus on people when it comes to prevention.”
After graduating in 2010, Hellemann worked for six years as a consultant at the Boston Consulting Group, including in the context of personnel development projects. “There I got to know all kinds of mandatory training in DAX companies and developed a feel for the industry,” he says.
While Hellemann contributes his psychological expertise to Sosafe, his founding partners Schürholz and Schaefer continue to develop the platform technologically. As a software developer, Schürholz is familiar with the tech industry, and Schaefer, as a former management consultant at McKinsey, brings business knowledge to the table.
To identify phishing emails, Hellemann advises gut feeling. If the sender is a colleague, Hellemann recommends addressing the e-mail in question on other channels instead of opening it straight away. It is also helpful to question the hacker’s motives: “Is it really necessary to click on the link? Is pressure built up in the mail?” Anyone who sees through the psychological tricks of the criminals is less likely to fall into the trap.
More: Allianz: Cyber attacks are the greatest threat to companies worldwide