Skip to content
+1 512 696 1522
Facebook page opens in new windowTwitter page opens in new window
LUCY Security
LUCY Security
  • Home
  • Solution
    • Overview
    • Attack Simulation
    • Test Infrastructure
    • Awareness Training
    • Engage Employees
  • Editions
  • Resources
    • Custom Awareness Video
    • Partners
    • Distributors
    • Support
    • Video Library
    • Documents
    • Course Overview
  • About
    • About us
    • Contact
    • News and press
      • Dark Web Analysis
    • Connect 2020
    • Careers
    • Upcoming Events & Webinars
  • English (English)
  • Home
  • Solution
    • Overview
    • Attack Simulation
    • Test Infrastructure
    • Awareness Training
    • Engage Employees
  • Editions
  • Resources
    • Custom Awareness Video
    • Partners
    • Distributors
    • Support
    • Video Library
    • Documents
    • Course Overview
  • About
    • About us
    • Contact
    • News and press
      • Dark Web Analysis
    • Connect 2020
    • Careers
    • Upcoming Events & Webinars
  • English (English)

BLOG, NEWS AND PRESS

Mar282019
BlogNewsPress

LUCY Security: Enabling companies to improve their IT security awareness

Cyber threats have multiplied at a fast rate. Today, no sector is left behind when it comes to threats and attacks, especially the financial sector. When an organization is under threat, it involves both outside actors as well as internal employees. Take a look at LUCY Security: it is a company with almost 20 years of experience in supporting companies in the field of IT security. With such vast experience, LUCY slowly evolved to understand that a technical solution alone cannot solve the security problems and that employees are an important part of the company-wide security policy.

Let’s hear more about the company’s journey in a tete-a-tete with Oliver Münchow, the Founder of LUCY Security:

Brief us about LUCY and how it all started.

The Swiss financial industry has been virtually attacked by cybercriminals since the beginning of the Internet. For this reason, we started offering penetration tests as early as 1998 to evaluate the IT infrastructure of the industry and recommend potential improvements. LUCY is basically  software that allows you to test your security and help it evolve against cyber threats, on both the people’s side and the system’s side simultaneously. The software offers the ability to run phishing simulations, awareness training, technology assessments, malware simulations, or simulated ransomware attacks. Our customers include energy companies, financial services, government agencies, healthcare and manufacturing industries, as well as other global organizations.

A cybersecurity company has two big responsibilities, one – to secure itself from being attacked and two –securing other companies against attacks. How do you manage both?

Most security companies focus on only a niche area and do not have the expertise in protecting themselves in all other areas. RSA is the best example: I remember when their website actually was breached in the early 2000s and some hacker made fun about the “most trusted name on the internet.” 10 years later RSA got hacked again on a large scale. So, the answer is: security is challenging and very difficult.

It starts with the appropriate communication strategy. I personally know that being a security company, challenges and attracts hackers. Unless you are sure your security is really tight, I would also be very careful in my communication strategy and avoid sentences like “most trusted name”, “most secure solution.” In our case, it probably doesn’t hurt, that our team did penetration tests and ethical hacking attacks for more than 20 years. If you are working as an ethical hacker, you also get a better understanding of protection.

Tell us about your products and services.

LUCY software allows companies to take on the role of an attacker to discover and eliminate existing weaknesses in both the technical infrastructure and the staff. We have 4 main modules: Test Employees, Educate Employees, Engage Employees, and Technical Tests.

Test Employees includes spear phishing simulations, SMS & portable media attacks, file attacks (PDF, Java, Macro, etc.), and website cloner etc. Educating Employees includes activities like interactive online & offline training content, customizable e-learning movies, role and reputation-based training, and integrated LMS with SCORM export/import. We Engage Employees with mail plugin (Outlook, Gmail, O365, etc.), e-mail incident analysis, and e-mail threat mitigation. Lastly, Technical Tests are exposure to malware attacks, detection of browser vulnerabilities, spoofing & ransomware simulation, mail and web filter tests, and darknet exposure (leaks, Tornet, P2P etc.).

How do you manage to serve the needs of the highly volatile IT industry?

The question indicates that the IT industry is volatile. When it comes to investments & valuation, I agree. But when I look at cybersecurity: I see mainly volatility in how we label certain technologies, giving the users the feeling there are a lot of changes. When I look at our specific sector, the employee behind the computer is an entry point for attacks – hardly anything has changed in the last 20 years.

For example, in 1997 the Chaos Computer Club showed how they can steal money from users through phishing by tricking them to click a link by asking: “you want to become a millionaire in 5 minutes?” In 2019, we see the exact same type of attack floating around. Not using ActiveX anymore, but still aiming at humans who continuously seem to show some resistance to the awareness.

Do you think robotics and AI might be able to help defend against incoming cyber-attacks?

We see already great support from AI-driven software to detect and combat attacks. But we really have to be careful when we use the word “AI”. This is more of a populist term, as there isn’t such a thing as a real AI. We are at a very early stage where machine learning algorithms act as supporting tools to deal with a lot of input data. In the end, what is labeled AI is not much more than some smart statistical analysis. So, if companies claim to provide “AI-driven” solutions in combating cyber-attacks, in reality, they’re leveraging machine learning techniques at best. But in the future, we will see improvements in this area.

Do you have the skills required to cope with the fast paced change of technology in security?

As mentioned before: I do not see such a change when it comes to technologies used for attacking. The terms and terminology have changed, but not the underlying technology. I’ll give you an example: In 2017 and 2018 I read articles that talk about new attacks like Smishing, referring to a new security threat that targets smartphones by texting. The underlying protocol (SMS) was developed in 1996 and has basically not changed! I remember sending spoofed messages to my colleagues in the same office: my colleague Sven suddenly got an SMS from his buddy Sean, sitting next to him “YOU STINK- TAKE A SHOWER!” I watched them argue about the SMS with tears in my eyes! I learned many years later, that this technology is nothing but Smishing.

What do you feel are the reasons behind your service popularity?

Our service is free for companies up to 500 users. It is better than anything that exists out there. We have created our service with passion about the topic, which boosts our popularity.

What do you think is the next big thing in the security marketplace?

Affordable and better security awareness training. As a security awareness provider, I might be slightly biased in my rating!

Meet the Security Guru

Oliver Münchow, Founder

Oliver created LUCY software with a project at a Swiss bank, which had a requirement of an on-premise solution to test and cyber security phishing awareness training, where passwords never leave the perimeter. At that point in time in 2015, such a solution didn’t exist and Oliver was instrumental in finding it. Before LUCY Security, he was involved in penetration testing for a very long time. He then started other companies, but not all were in the field of IT. For instance, his art gallery is still present somewhere in the heart of Zürich!

“Up to today, we’ve educated more than 7 million users with more than 8,000 LUCY installations worldwide.”

“With LUCY, we developed a unique tool that allows you to test your security and help it evolve against cyber threats on both the people side and the system side simultaneously.”

Categories: Blog, News, PressBy adminMarch 28, 2019
Share this article
Share on FacebookShare on Facebook TweetShare on Twitter Pin itShare on Pinterest Share on LinkedInShare on LinkedIn Share on WhatsAppShare on WhatsApp

Author: admin

Post navigation

PreviousPrevious post:LUCY Security AG at booth #13 GISEC (https://www.gisec.ae/) from 1–3 APRIL 2019 | DWTC, UAENextNext post:xorlab and Lucy announce partnership

Related Posts

New LUCY Security Release 4.8.4
January 3, 2022
LUCY Security presents User Awards 2021
December 27, 2021
LUCY Security presents international Partner Awards 2021
December 17, 2021
LUCY Software NOT affected by the Log4j Bug
December 13, 2021
New LUCY Security Release 4.8.3
November 10, 2021
LUCY Security Acclaimed by Frost & Sullivan for Developing Security Awareness Training (SAT) Solutions with Its E-learning Platform
November 9, 2021
Recent Posts
  • New LUCY Security Release 4.8.4
  • LUCY Security presents User Awards 2021
  • LUCY Security presents international Partner Awards 2021
  • LUCY Security at ASIS Europe 2022 in Prague from May 22-24
  • LUCY Software NOT affected by the Log4j Bug
Archives
  • January 2022
  • December 2021
  • November 2021
  • August 2021
  • May 2021
  • April 2021
  • March 2021
  • January 2021
  • December 2020
  • September 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • July 2019
  • May 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • June 2018
  • March 2018
  • November 2017
Categories
  • Blog
  • Event
  • Local Event
  • News
  • Press
  • ReleaseNote
  • Resources
  • TechBlog
  • Video
CONTACTS

Address: Europe
Lucy Security AG
Chamerstr. 44 | 6300 Zug | Switzerland

Address: North America
LUCY Security USA
13785 Research Blvd
Suite 125
Austin, TX 78750

CONTACTS

Address: Europe
Lucy Security AG
Chamerstr. 44 | 6300 Zug | Switzerland

Address: North America
LUCY Security USA
13785 Research Blvd
Suite 125
Austin, TX 78750

SEARCH
CONNECT

Find us on:

Facebook page opens in new windowTwitter page opens in new windowYouTube page opens in new windowLinkedin page opens in new window
INFORMATION
  • Home
  • Solution
  • Editions
  • Resources
  • About us
  • Support Wiki
  • Contact
  • Demo request
LANGUAGE
  • English
LUCY Security
All Rights Reserved 2022











Noted in the press

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Privacy PolicyCookie PolicyACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.