This marks the 16th straight quarter of growth, driven by a continually increasing demand for our new-school approach to security awareness training. Melody was referred to KnowBe4 and immediately began phishing campaigns for her staff, telling only one other partner. Based on initial results, they identified the need for staff training and got buy-in from the rest of their partners. She trains staff to be vigilant about phishing and ransomware attacks and KnowBe4 makes her job easier because of the available resources on the platform. Creating your anti-phishing behavior management program according to these five principles will ensure that your program is seen as something that builds up employees rather than tearing them down.
Manufacturing Sector Is the Latest Target of Advanced Credential Harvesting Attacks
Showing the same exact course over and over isn’t going to make much of a difference. Many vendors can provide recommendations and best practices. Start there and adjust over time according to what works for your environment. KnowBe4 also goes into Beta with AIDA™ (Artificial Intelligence Driven Agent™), which combines phishing, vishing, and smishing into a new attack vector coined as “aishing.”
Your communication strategy throughout the whole process is key. You want to tell a memorable story, the moral being you need cyber security awareness training. Use statistics and charts and graphs to support that story. Training topics include a mix of general, randomized, and targeted training issues, similar to the topics that real-world phishers will foist upon your end-users. Training is modified based on the results of previous testing and education, popular phishing trends, required custom corporate training, seasons, events and roles. For instance, around tax time, employees are more likely to get real-world phishing that is looking for their personally identifiable tax information.
- So, KnowBe4 Managed Services is more likely to send a simulated phish asking employees for their tax information (e.g. SSN, W-2, etc.), or ask Human Resource employees for bulk collections of that information (just like real-world phishers do).
- We want to educate users to stop and think before clicking or performing actions that can hurt themselves or the organization.
- No matter which tool you use, even if you are using a homegrown program, you need to send a social engineering test like a phishing test to users at least every 30 days.
Old school Security Awareness Training doesn’t hack it anymore. Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. KnowBe4’s Security Awareness Training starts with a baseline test to show the actual Phish-prone percentage of your users. Then it steps users through effective, interactive, on-demand browser-based training. As step three, you send frequent simulated phishing attacks to your employees to reinforce the training.
The Only Platform That Truly Addresses the Human Element of Cybersecurity
How this works is that the fake worker asks to get their workstation sent to an address that is basically an “IT mule laptop farm”. They then VPN in from where they really physically are (North Korea or over the border in China) and work the night shift so that they seem to be working in US daytime. The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs. It’s good we have new employees in a highly restricted area when they start, and have no access to production systems. Our controls caught it, but that was sure a learning moment that I am happy to share with everyone. The EDR software detected it and alerted our InfoSec Security Operations Center.
Around big holidays, like New Year’s and Christmas, holiday-related simulated phishing tests and education are likely to be given. One of the first things KnowBe4 Managed Services does is send a baseline phishing campaign to all of your (selected) users and report back user response actions (as graphically represented below). One of the Big Four accounting companies chooses KnowBe4 for its security awareness training program worldwide.
Why Security Awareness Training?
With a record number of over 750 new corporate accounts in December alone and a very robust 88% customer retention rate, our client list grows to over 8,000 enterprise accounts. It was built to scale for busy IT pros who have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.
Once you have a better understanding of your organization’s risk, you can start working to mitigate that risk. KnowBe4 is taking on the monumental challenge of conquering human error in cybersecurity. Unfortunately, no matter how sound your cyber-defenses are, the wrong human error can bring your whole system down. June 2020 is a month of achievements, including the highest sales per day, highest sales per month, highest PhishER sales, second-best quarter, and amazing international sales. In Q3 of 2019, KnowBe4 achieves 55% growth over Q3 2018, increasing customer accounts to well over 28,000. KnowBe4 again almost doubles year-over-year sales in Q3 2018, for 22 straight quarters of growth.
Users will be shown what required and optional training is waiting for them, and they will be allowed to evaluate all training at the end so that admins can ensure its effectiveness. Your organization’s logo can be placed on many pieces of training content (as simulated below). PAB is a separate installable program that can be integrated with Google Gmail or Microsoft Outlook email clients, including browser and mobile versions. KnowBe4 hires seasoned finance and tech executive Krish Venkataraman as CFO to support our rapid growth strategy. We also release a massive upgrade of our platform, which now includes AI and Machine Learning to deliver game-changing new Advanced Reporting, as well as the Virtual Risk Officer functionality.
Anything you can deliver that conveys your message and elicits some kind of thinking, engagement or reaction is considered content. Discover why nearly 70,000 organizations use the KnowBe4 platform to improve their security awareness training while reducing the risk that phishing and other social engineering threats pose. People who successfully handle a simulated phishing test will be sent a landing page indicating their success, reinforcing their appropriate actions to incentivize continued appropriate handling in the future.
The SOC called the new hire and asked if they could help. We shared the collected data with our friends at Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings. The picture you see is an AI fake that started out with stock photography (below). The detail in the following summary is limited because this is an active FBI investigation. Phishing campaigns are started by selecting one or more phishing templates, which form the bulk of the information used in a particular phishing campaign instance.
Any time you are presenting data numbers, don’t leave the interpretation up to chance. The ‘what’ is the data, and with every ‘what’ comes a ‘so what?’ Any time you have a ‘what’, you need to answer the ‘so what’ and the ‘now what’; otherwise you’re leaving one or both of those things up for interpretation, and that’s a chance you cannot afford to take.
Then, and thereafter, your organization’s data (based on who responds to simulated phishing tests and who takes what educational experience) drives future education and testing. Usually, taking that next step in looking for an outside vendor means you are looking for help with frequency, providing the right kind of content, and the ability to couple that with the correct activities that should be happening, like simulated phishing. It can be appealing to do it on your own because you have complete control. However, everything is manual and it’s really hard to be good at (let alone have time for) creating a really robust security awareness program with a good variety of content. When you think of cyber security awareness training content, the first thing that comes to mind is probably traditional courses in an LMS. Other examples include videos, games, blogs, webinars, posters, messaging on swag, self-produced content, newsletters, email content, etc.