High-profile breaches spark explosive demand for security awareness training

KnowBe4, provider of the world’s most popular integrated platform for security awareness training and simulated phishing testing, has seen explosive growth for eight consecutive quarters.

Noteworthy data breaches in the first half of 2015, such as Anthem and OPM, affecting millions, have left CEOs and CISOs alike scrambling for a way to manage the problem of social engineering. Even the FBI is getting in on the act, prompting an alert on 23 June 2015. As a result, security awareness training has gone from lunchroom to boardroom in priority, exceeding a billion in worldwide annual revenue.

“People are used to having a technology solution [but] social engineering bypasses all technologies, including firewalls. Technology is critical, but we have to look at people and processes. Social engineering is a form of hacking that uses influence tactics,” said KnowBe4’s Chief Hacking Officer Kevin Mitnick.

“With the average cost of a data breach skyrocketing and costs of ransomware infections running over $18,000 (£11,500) per victim, relegating security awareness training to an annual lunchtime ‘death by PowerPoint’ is no longer a viable option,” said KnowBe4 CEO Stu Sjouwerman. “Furthermore, many companies were caught by surprise when they found their backups failed after a ransomware infection, underlining a need for more proactive action. Since we are the only company to offer a crypto-ransom guarantee (we cover the ransom in Bitcoin if our customer gets hit with ransomware after training their users), we moved up on the priority list.”

Risk managers know it is far cheaper to train users than pay the fines and heavy costs associated with a data breach, estimated by Juniper Networks to account for $2.1 trillion (£1.3 trillion) by 2019.

A recent study from Osterman Research shows 5 out of 6 of the most serious concerns of security-focused decision makers are directly related to phishing or its aftermath. The study stated: “It is important to invest sufficiently in employee training so that the ‘human firewall’ can provide the best possible initial line of defense against increasingly sophisticated phishing and other social engineering attacks.”

KnowBe4 has seen explosive triple-digit growth for the past 4 years, and Q2 2015 was more than 350 per cent over Q2 2014, with over 1,500 enterprise accounts using it to manage the problem of phishing and social engineering. The largest growth has been in the financial sector, an area targeted four times as often as other industries.

The financial sector has taken the initiative to move away from a compliance-focused annual “breakroom” approach to a more effective behaviour-based approach, using Kevin Mitnick Security Awareness Training, which teaches users how to recognise threats with a combination of on-line, on-demand training and simulated phishing attacks that arrive in their inbox at work.

The post Security Awareness Training Goes from Lunchroom to Boardroom appeared first on IT SECURITY GURU.
