Content, Channel partners, Security Program Controls/Technologies

Mimecast Buys Ataata to Audit, Elevate Workers’ Cybersecurity Awareness

Credit: Getty Images
Michael Madon
Michael Madon
Peter Bauer

Statistically speaking, nearly every data breach owes its success to human error -- somebody inadvertently or unknowingly leaves a data door ajar in one way and the hackers reliably pounce.

The remedy, as universally claimed, is changing an organization’s security culture by teaching employees to recognize that they’re the last line of defense through awareness, training and education. Mimecast, which secures emails from hackers, acknowledged both the problem and the solution with its acquisition on Tuesday of Ataata, whose security awareness training and cyber risk management platform helps organizations combat data breaches caused by employee mistakes.

Terms of the deal were not disclosed. On an organizational level, Ataata’s products and services will be integrated into Mimecast’s existing offerings.

What’s in it for Mimecast?

  • A full service portfolio.The buyout gives Mimecast a ready-made, cloud-based cybersecurity training platform to offer customers that’s purpose-built to minimize employee security mistakes. The platform is a mixture of training, education and data analysis.
  • A scorekeeper. Ataata’s technology calculates an employee’s security risk based on monitoring their sentiment and behavior. Based on the results, the staffer will be properly trained to reduce the chances they’ll be victimized by cybersecurity threats. In this case, lower is better -- the idea is to decrease the employee’s cybersecurity risk score to acceptable levels.
  • Resources. Training is considered hard to implement with organizations often lacking resources and the right content to help raise the awareness among employees of potential cybersecurity threats, Mimecast said. Now the email security specialist has an answer for that problem.

To cement its point, Mimecast pointed to a study it conducted in May showing that 90 percent of 800 organizations surveyed had seen phishing attacks increase over the last year but only 11 percent had responded with training to help employees spot cyber attacks.

“Cybersecurity awareness training has traditionally been viewed as a check the box action for compliance purposes, boring videos with PhDs rambling about security or even less than effective gamification which just doesn’t work,” said Peter Bauer, Mimecast CEO. “As cyberattacks continue to find new ways to bypass traditional threat detection methods, it’s essential to educate your employees in a way that changes behavior.”

And, for Ataata? The tie-in with the Lexington, Massachusetts-headquartered Mimecast increases the duo’s potential to claim a larger stake in the security awareness, computer-based training market, which researcher Gartner projects will grow to more than $1.1 billion by year-end 2020. Ataata, which last December landed $3 million in venture backing, also gains a boatload of sales prospects -- Mimecast claims some 30,000 outfits use its technology.

“Our customers rely on engaging content at the human level, which helps to change behavior at the employee-level,” said Michael Madon, CEO and co-founder of the Bethesda, Maryland-based Ataata. ”We’re excited to join forces with Mimecast to help customers build a stronger cyber resilience strategy that includes robust content, risk scoring and real-world attack simulation -- going way beyond basic security awareness capabilities.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.