OutThink Human Risk Management

Special Announcement - Recognised by Gartner as an innovator for emerging security behaviour and culture programmes.

OutThink is a human risk management platform (SaaS) that delivers targeted security awareness training based on employees' needs and level of risk. This is only the first step.

In the process, we get to know the employees - we measure their perceptions, intention to comply, sentiment and psychographic profile. This subjective data comes from employees' interaction with the OutThink learning experiences.

At this point, OutThink is able to identify high-risk users, segment the organisation and provide key insights into people's attitudes towards security. This gives the CISO better visibility of human risk across the organisation and answers three fundamental questions:
  • Who are our high-risk groups / employees?
  • Why are these people more likely to cause a security incident / data breach?
  • How can we support them better?

    OutThink further integrates with security systems (e.g., SIEM, CASB, EDR, Web Filter, Email DLP) that clients already have in place, to measure security behaviours - objective data.

    The OutThink unsupervised machine learning engine analyses subjective data in conjunction with objective data, to anticipate security breaches. We call this predictive human risk modelling, and it is important because it gives security teams the advance warning required to manage the risk of likely security incidents and data breaches.

    Organisations are looking to reduce the risk of security breaches caused by employees. OutThink can support this by introducing solid measurement and scientific rigour, which will enable better human risk management decisions and drive efficiency.

    OutThink helps clients go beyond traditional security awareness training (SAT), to achieve long lasting behavioural change, specifically by:
    • Simplifying & automating security awareness
    • Delivering phishing simulations with Outlook, O365, G-suite reporting button
    • Delivering targeted training, based on employees' needs and risk
    • Delivering intelligent content directly to the users - via Email, Slack or Teams
    • Providing unparalleled visibility into the cybersecurity human factor

    Teams Integration
    Named administrators are able to create campaigns and are sent campaign alerts and links to organization-wide summary reports via Teams.
    We are currently enhancing the Teams App to introduce the ground-breaking concept of delivering real-time interactive modules, nudges, quizzes and surveys directly in Teams. Live learner responses are sent via telemetry to OutThink servers, and supplement the web-based training data, for inclusion in standard reporting and human risk intelligence.

    Azure AD / OKTA Integration
    OutThink natively supports the System for Cross-Domain Identity Management (SCIM v2.0). This allows clients to automatically synchronize user populations between compliant identity management solutions (such as Okta, Azure Active Directory or OneLogin) and OutThink.

    EU, UK, US or UAE Hosting, in Azure
    The OutThink platform is primarily hosted on the Azure cloud in Europe, with the option of having customer personal data retained within the EU (Netherlands & Republic of Ireland), UK, US or UAE. Global Content Delivery Networks (CDN) and acceleration services ensure a high speed and efficient platform for customers around the world.

    Phishing Reporting Add-In
    The OutThink Phishing Reporting Add-In can be centrally deployed to all (or a subset) of your Outlook users via Office Centralised Deployment. The add-in seamlessly integrates with Outlook on the Web (OWA), Outlook Desktop, and Outlook for iOS / Android. OutThink are enhancing the Reporting Add-In functionality to support equivalent functionality within Google Workspace / Gmail.
    If a user decides to initiate the reporting action on a particular email, the Add-In will undertake a series of detective actions on the email, and will send relevant telemetry data to the OutThink servers, and/or relay emails to named administrators/SOC team personnel, and quarantine/remove the offending email from the user's inbox. If required, OutThink can also integrate with 3rd party phishing reporting buttons such as Cofense, Proofpoint, KnowBe4, Ironscales, etc.

    Integrations with Client Security Systems (Phase 2 - TBC)
    OutThink will integrate with security systems clients have in place (e.g., Microsoft Defender, Sentinel), to measure user behaviours, by ingesting logs and events from the endpoint, network and cloud.
    OutThink analyses this data utilising unsupervised machine learning, based on robust scientific models (behavioural economics & psychology) to predict human risk. The OutThink ML algorithms then recommend improvement actions.


    OutThink delivers adaptive security awareness training (inc. phishing simulations) to users, giving defenders the overall human risk picture. This provides a solid foundation for risk-based decision making and treatment prioritisation.

    Improve Engagement - Give your employees a two-way communication channel and social learning experience to increase engagement.

    Measurement - Identify users who are a risk of security incidents. What segments do they fall into, and how can you engage and better support them? With scientific models developed by Dr Shorful Islam and Professor Angela Sasse, the world's leading voices for human-centred security, it is now possible to demonstrate human risk reduction and programme success.

    Manage Human Risk - Understand and manage human risk. OutThink provides both automated (one-click) and manual improvement actions, from historically proven risk treatment methods.

    Targeted Interventions - OutThink gives teams the visibility required to deliver targeted interventions (security awareness training, workshops, reengineer processes, technology and tools) and manage the risk of data breaches caused by human behaviours more effectively.

    Adaptive Security Awareness Training
    Training that's relevant to your employees reduces risk and productivity cost. The eLearning catalogue covers the full spectrum, as certified by the UK Government National Cyber Security Centre. It comprises 29 short (5 - 10 min) interactive modules, with 2D animation. The content and user interface are available in 18 languages - Arabic, Czech, Danish, Dutch, English, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese (Brazil / Portugal), Romanian, Slovak, Spanish (Spain / Mexico), Turkish.

    The OutThink dynamic content allocation engine delivers relevant training modules, based on employees' needs and risk. More security, more productivity.
    We use storytelling, real life scenarios and characters your employees can identify themselves with. These are accompanied by supporting materials such as short videos, newsletters, screensavers.

    OutThink has used an adapted version of Self Determination Theory to gamify the learning experience. High engagement during training, for example submitting a comment, rating a module, completing a module, taking the time to learn (not clicking through), is rewarded with points. These draw on an individual's need to demonstrate competence, autonomy, and social relatedness.

    Security awareness training topics covered:
    • Introduction to Information Security
    • Email Security & Phishing
    • Web Security
    • Malware Protection
    • Storage Media (portable devices)
    • Cloud Computing
    • Remote Working (public wi-fi use)
    • BYOD & Mobile Device Security
    • Encryption
    • Passwords
    • Social Engineering
    • Social Networking
    • Information Classification
    • GDPR (a suite of 5 modules)
    • Breach Response (incident reporting)
    • Physical Security & Clear Desk
    The content can be customised (translations cost), and bespoke modules can be developed (additional cost), if required. New assets are added all the time, to reflect changes in the threat landscape and ensure that your security awareness programme continues to deliver optimal results year after year.

    Phishing Simulations
    Most cyber-attacks against organisations start with a phishing email. Phishing is typically used to drop malware such as ransomware or a key logger. Even if technical security means exist to prevent phishing, such as email filtering, traffic monitoring and network protection, they cannot be completely effective because phishing involves an unpredictable parameter: human risk.

    Initially these emails were easy to recognise, and the security team could easily detect and remove them. Phishing emails have continually improved in design and content and are increasingly more targeted.

    In the last few years, we have seen well crafted, legitimate looking emails that used specific information about the organisation or the individual. By clicking on or responding to these emails an employee can potentially give access to sensitive data or have their credentials stolen.
    Security departments often cannot detect these phishing emails, but employees can.

    With the OutThink phishing simulations tool you can periodically send phishing emails to employees, understand the reasons behind the click and improve their ability to recognise phishing emails over time. Leveraging advancements in behavioural science, OutThink will move your users along the competence spectrum, through Notice > Aware > Demonstrating > Automaticity.

    The OutThink phishing simulations and education are backed up by established psychological behaviour change and decision-making theory, empirically tested interventions, and continual research focused on both end-user vulnerabilities and changes in attacker strategies. OutThink real-time interventions focus not just on decision-making during conscious thought, but also when in heuristic mode (which is 95% of the time). You don't just measure 'clicks'; you'll understand who, why and the best strategies for reducing the risk.

    Targeting all employees with simulated generic phishing attacks will establish a baseline, assess who needs more support and track long term phishing resilience improvements.

    Human Risk Intelligence
    Compliance is just the beginning. Go beyond compliance.

    The OutThink algorithms understand individual users, measuring their attitudes (intention, engagement, sentiment, psychographic segment) via telemetry, as they undergo cybersecurity awareness training. OutThink also measures users' security behaviours by integrating with the security systems clients have in place - e.g., EDR, Email DLP, Web Filter, CASB or SIEM.

    Using these data sets, the algorithms build an individual's cybersecurity human risk score and, indirectly, the department/division/organisation risk score. Using OutThink you will be able to identify high-risk groups, and analyse and understand why certain people are more likely to cause a breach (root cause).

    Human Risk Intelligence is critically important because it answers three key questions:
  • Who are our high-risk groups / employees?
  • Why are these people more likely to cause a security breach?
  • How can we support them better?
  • You can see the change in y

