Cybersecurity and fun aren’t usually mentioned in the same sentence – but an up-and-coming Ottawa software firm is hoping to change that.
Founded in 2019, Click Armor trains workers how to spot so-called phishing attacks – that is, fake emails and text messages that fraudsters use to steal money or sensitive data from unsuspecting victims.
Click Armor’s revenues have risen steadily during the pandemic as cyber-fraud incidents skyrocketed with more people working from home, away from corporate IT departments, on computers and other devices that often have lax security features.
But co-founder and CEO Scott Wright – who cut his teeth at Mitel and later spent four years as a product manager at IT security giant Entrust before embarking on a long career as a consultant – says what really separates his platform from the pack is its ability to educate users about cyberattacks in a format they actually enjoy.
“There were solutions out there that had some technology … but what I discovered was nobody was really learning from it,” Wright says of old-school training simulations that usually required employees to passively absorb information, then answer a series of questions.
Old-school training 'boring'
“People generally aren’t really on board with it to start with. They don’t think that’s why they were hired, they don’t have time, it’s too vague, it’s boring. All of those things impact whether people actually engage when they’re doing the training.
“As a result, you get very simplified training just so people will do it, and it doesn't really help them learn how to defend against phishing or social engineering.”
Inspired by “gamification” strategies that aim to make learning fun by turning it into a friendly competition, Wright set out to create a new kind of cybersecurity education tool – one that people looked forward to using.
Click Armor’s modules award users points for answering questions correctly or accurately flagging emails as safe or suspicious. The game-like atmosphere is enhanced through features such as a leaderboard, and participants are given immediate feedback if they provide wrong answers.
Wright says the company’s research shows the gamified training approach boosts users’ ability to suss out phishing scams by up to 50 per cent.
“This really is much more interactive, and it keeps people engaged and thinking as they move through it,” he explains.
Click Armor’s platform now has tens of thousands of users. Its growing customer base includes Calian Group, one of the city’s largest publicly traded companies, as well as Ottawa cybersecurity firm 2Keys and IT provider TRM Technologies.
"It’s a pretty global kind of market for us, and the U.S. is pretty accessible."
Originally bootstrapped, the startup joined Invest Ottawa’s accelerator and Kanata's L-Spark incubator and found an enthusiastic backer in the Capital Angel Network. Last week, it announced its newest financing partner, the Business Development Bank of Canada, which is contributing to a six-figure funding round.
Now at seven employees, Click Armor plans to use the fresh equity to beef up its sales and marketing team as it targets customers south of the border and beyond.
“It’s a pretty global kind of market for us, and the U.S. is pretty accessible,” says Wright.
He and co-founder Stephen Grant, whose resume includes a three-year stint as VP of operations at Ottawa’s Magmic Games, believe the future is now for Click Armor as the spectre of cyber fraud grows by the day.
Wright says $6 trillion is lost to cyber crimes every year – more than all IT spending combined – and 90 per cent of security breaches can be directly traced to phishing attacks and other “social engineering” scams.
“There are solutions out there that companies are using right now, but they don’t realize that they could be doing a lot better,” he says. “We really need a quantum leap in the ability to get people to manage their own risks.”