Strengthening the weakest link in SMB security

Stu Sjouwerman, KnowBe4

19-August-2015

How’d you like the benefits of 30+ years hacking experience?

The technology you throw (or deploy) at security does not matter. Your workstations will still be infected on a regular basis.
Why?
Because the weak link in IT security is human.

KnowBe4 is a security training company founded by veteran AV executive Stu Sjouwerman and Kevin Mitnick, who is arguably the most famous hacker ever, and certainly the first one ever prosecuted by a federal government [persecuted by one particular status-seeking state agent is more accurate].

“Training with Kevin is a good additional layer on top of what security is already there,” Sjouwerman said. “The course is a result of a brain dump of his 30+ years first-hand social engineering and hacking experience.”

Consider four people on the job at their workstations, focusing on the most important attack vectors, to make them aware of how easy it is to get into networks.

“We position ourselves as a security company, but if you look at what we’re doing, it’s a three-step process,” said Sjouwerman. “First we allow our customers to upload users, and complete a baseline test of the phish-prone percentage of each user.

“Step 2 is when everyone goes through interactive online training, which Kevin and I built, called Kevin Mitnick Security Awareness Training.”

After training, users typically say, “Wow, I didn’t know it was that bad out there. How do I share this with my family?”

For Step 3, customers are provided with a platform that allows administrators to send frequent (at least once per month) phishing emails to users. It’s fully automated, with tonnes [metric spelling] of templates. Set the email schedule and get set for your phishing expedition.

Or phishing games, because instead of shaming those who fall prey to phishing attempts, KnowBe4 recommends different groups within an organization play games with each other.

“Sales, Marketing, Production, whatever – send these people simulated phishing attacks,” Sjouwerman said. “Then reward the group with the lowest phish-prone percentage.”

The service is envisioned by administrators, for administrators.

“We know the problems IT people are confronted with, and this gives them control over the end user portion of their networks, which they haven’t ever had. Often end users are click happy – they’ll open everything.”

Most users are highly trained in areas other than security. KnowBe4 shows users where the vulnerability is, and gives them enough information to make decisions about what to click on. Then regular simulated attacks reinforce their training.

Delivered on a SaaS model, KnowBe4 is priced for small and medium enterprises. It’s already popular with more than 1,700 enterprise customers.

Sjouwerman calls it Layer 8 of the OSI model – another layer you need on top of your existing infrastructure, and one that’s been neglected.

“If you look at the average cost compared to the times IT staff have to rebuild infected systems from scratch, because of malware on a box, it’s a no-brainer,” he said. “We help them cut down on that by reducing the risk of malware penetration.”

You can read independent reviews of KnowBe4 on Spiceworks.