Photo caption: Founder and psychologist Niklas Hellemann knows how hackers work to deceive employees. (Photo: Sosafe)
“I’ve always been an exotic person,” says Niklas Hellemann, leaning back in his swivel chair in the glass-walled, four-story headquarters of Sosafe GmbH in Cologne-Ehrenfeld. As a doctor of psychology, he previously made a name for himself as a management consultant at the Boston Consulting Group. Now he is doing it again in the IT world, by fighting internet criminals.
Four and a half years ago, Hellemann founded a cybersecurity startup together with the programming talent Felix Schürholz and business expert Lukas Schaefer, also a former consultant. Today, Sosafe serves over 4,000 customers, including Aldi Nord, energy supplier Vattenfall, Mediamarkt parent Ceconomy, football club Schalke 04 and the drugstore chain Rossmann.
Unlike other startups such as VMRay, which uses AI to screen for and fend off hacker attacks, or Edgeless Systems, which securely encrypts data in the cloud, Sosafe does not focus on building a technical protective wall. The Cologne-based company deliberately focuses on people. Sosafe wants to train employees so that they can more quickly recognize fake emails designed to obtain access credentials, so-called “phishing”. The approach is psychological: hackers exploit human behavior patterns and emotions such as helpfulness and impatience. They proceed in an organized and economical manner, like companies. So to combat them, end users need to become better psychologists.
Startup fakes cyber attacks
According to Hellemann, there is no golden rule for uncovering emails from cyber criminals. Rather, it is a matter of experience. Sosafe therefore relies on a combination in its training courses: theoretical content is first conveyed in a playful way, “in small bites”, using three-minute learning nuggets and short quiz questions. Companies can integrate the learning platform into their own cloud system. Practical exercises are then intended to reinforce what has been learned. To do this, the startup simulates cyber attacks: Sosafe sends phishing emails to employees in the company at random throughout the year. If an employee falls for one, a learning session follows instead of punishment. Users are shown which signs they could have used to recognize the fake email. “End users are then particularly attentive,” says the behavioral psychologist.
In order to actually prevent “real” attacks, Sosafe has also introduced a reporting tool. If an email gives employees a strange feeling, they can scan it with the so-called “Phish Assist”. The system displays whether the language or the attached files are abnormal. The security team then checks the suspicion. According to Hellemann, the reporting rate among its customers is between 80 and 90 percent. The chatbot “Sofie” has recently also been supporting users with useful tips. Security officers now use the tool to quickly inform employees about cyber threats. The startup offers its software in three different service packages, with prices depending on the number of employees.
“The paradigm in cybersecurity initially was to anticipate attacks and technically close this door,” says Hellemann. “That leaves the attackers cold. They just take another door.” Their tactics are constantly changing. While malware was previously sent primarily via email attachments, attackers today also create fake landing pages, obtain authentication tokens through repeated SMS messages and impersonate CEOs in emails. They want to quickly pressure employees into transferring large amounts of money abroad. In order to collect information, fraudsters often call employees in advance.
In addition, professional life is increasingly mixing with private life, for example through fake profiles on Linkedin. In the middle of it all is always the human being. “The attack surfaces cannot be filtered out technically,” emphasizes the founder. For example, an employee of the Reddit platform was able to prevent major damage in February 2023: he clicked on a phishing email and revealed his login details, but noticed the incident and immediately reported it to the security team.
Cyber crime costs the German economy over 200 billion euros
At other companies, such as Uber, the tire manufacturer Continental, the Dortmund IT service provider Adesso, which also supports the federal Ministry of the Interior and the Ministry of Transport, or the comparison portal Verivox, the data theft was only discovered long after attackers had penetrated the networks. In addition to the loss of reputation, the costs incurred by the affected companies run into the millions.
According to a study by the digital association Bitkom, the German economy suffered financial losses of more than 200 billion euros due to cyber crime in 2022. Almost every company is affected. According to figures from the Federal Criminal Police Office, a total of around 137,000 cases of cybercrime were reported to the police last year, 6.5 percent fewer than in 2021. However, the authority assumes that the number of unreported cases is high. In addition to phishing, ransomware attacks are among the most common crimes: hackers break into IT systems and encrypt data, and the blackmailers then demand a ransom for the decryption.
In addition, cyber attacks carried out from abroad are increasing, for example from Russia, fueled by the war in Ukraine, as well as from China and North Korea. Bitkom President Achim Berg points out that the distinction between criminal gangs and state-controlled groups is becoming increasingly difficult. The latter use data theft both for their political agenda and for economic interests.
Sosafe founder Hellemann agrees. According to him, state actors and organized gangs are roughly evenly balanced. Geopolitical conflicts and global differences are contributing to the problem becoming more severe and unscrupulousness increasing. “It’s not always just espionage that countries carry out through cyber attacks,” says the psychologist. “Many people bring hard currency into the country through ransoms in the form of cryptocurrency because they don’t have a functioning economy.”
ChatGPT for hackers: Phishing emails are becoming better and easier to scale
Hellemann calls the officially registered cyber crimes “just the tip of the iceberg.” He observes that both the number of attacks and the types of malware are increasing overall. This also has to do with the emergence of artificial intelligence. Analogous to the ChatGPT language assistant, the darknet has spawned two AI models for hackers, called WormGPT and FraudGPT. For criminal groups, the main advantage of the tools is that they scale the fraud business: hackers can create a larger number of phishing emails in a shorter time and also raise the linguistic quality through better translations. “The stories are becoming more convincing and more difficult for technical defense systems to understand,” says Hellemann. Employees could therefore increasingly fall victim to attacks.
The founder is sure that the need for cyber training will therefore continue to increase. Demand for the Sosafe solution is growing constantly, says Hellemann. The pandemic, the transition to remote work and the introduction of new communication tools have led to a strong increase in customers. The startup now employs around 370 people and, in addition to its Cologne location, operates offices in Berlin, Amsterdam, London and Paris. In the coming months, Sosafe wants to further advance its expansion in Europe.
Rocket Internet and SAP invest in Sosafe
Most recently, in January 2022, the founders raised around 73 million US dollars from investors, the equivalent of around 68 million euros. Oliver Samwer’s Rocket Internet fund, the SAP subsidiary Hybris, Acton Capital and the Berlin VC La Famiglia are among the investors in the startup. Hellemann generally does not talk about sales figures. Despite rapid growth in less than five years, the Cologne-based company, which sees itself as number two in the cybersecurity market worldwide, is still making high losses. According to the latest annual report, the startup made a loss of 9.2 million euros in 2021.
The prospect that, on the one hand, complex AI-driven attacks will increase and, on the other hand, simple attacks will occur on a massive scale, should give the Cologne-based company a boost. The threat of cybercrime is becoming ever more real for companies: a recent Bitkom survey of 380 German companies showed that the majority expect a cyber attack in the next twelve months. Less than half feel well prepared for this.
“It mainly happens due to pain,” says Hellemann. “The experience of being hacked yourself or of a competitor being hacked makes companies react.” There is also a psychological reason for this: the prevention paradox of only caring when it really hurts.