KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.
About Us Over 28,000 The world’s largest integrated Security Awareness Training and Simulated Phishing platform Customers Based in Tampa Bay, Florida, founded in 2010 CEO & employees are ex-antivirus, IT Security pros We help tens of thousands of organizations manage the ongoing problem of social engineering We provide an affordable, easy-to-use GRC tool that helps organizations cut down audit time and manage your compliance and risk projects faster than ever 2
The Costs of Breaches and Ransomware Attacks 34% of businesses hit with $133K malware take a week or more to regain access to their data The average cost of a ransomware attack on businesses is $133,000 75% of companies infected with ransomware are running up-to-date endpoint protection 4 Source: Sophos 2018 and Kaspersky 2018
BEC Attacks Are Growing Business Email CEO Fraud and BEC Caused Compromise (BEC) increased $12.5B 136% in identified global exposed losses between Dec. 2016 and May 2018 These attacks often contain In Identified Global Losses no links, no attachments and no spelling or grammar errors. 5 Source: Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) 2018
Users Are the Last Line of A staggering Defense 91% of successful data breaches start with a spear phishing attack 30% of data breaches are caused by repeat offenders from within the organization of successful data breaches start with a spear phishing attack Ransomware damage costs predicted to reach $20 billion by 2021 3
Why Do People Click On Phishing Links So Quickly? Recent studies show that over 54.9% of users click on a phishing link in under 60 minutes 8
How Can We Protect Our Organization? The answer is defense-in-depth, and pay specific attention to the outer layer which is the weakest link in IT security: the human 10
How Can We Protect Our Organization? Users are unaware of the internet dangers and get tricked by social engineering to click on a malicious link in a (spear)phishing email or opening an email attachment they did not ask for. Employees have a false sense of security and believe their anti-virus has them covered. With the firehose of spam and malicious email that attack your network, 10-15% make it past your filters . Surprisingly often, backups turn out not to work or it takes days to restore a system. Today, an essential, additional security layer is to have your employees become part of your last line of defense. 11
Platform for Unlimi Awareness Training ted Use and Testing Custom Phishing 1 Train Your Users Detailed Reporting 2 Phish Your Users Ransom Guarantee 3 See the Results Simulated Attachments New Smart Groups 4
Most security awareness programs are still too superficial and done for compliance reasons. What is missing is the correct estimation of the adversary being faced and the degree of Comprehensive commitment an organization has to have to stave off attacks. Programs Work 13
Awareness Training on its own, typically once a year, is far from enough. Simulated phishing tests of groups of employees doesn’t work on its own either. Develop a But together, done frequently, and Fully Mature reinforcing each other, they can be combined to Awareness greatly increase effectiveness . Program 14
Baseline Phishing Test Measure the results. “ You can’t manage what you don’t measure ” It is vital to establish a baseline on phishing click-through rates. This is easily accomplished by sending out a simulated phishing email to a random sample of personnel. You find out the number that are tricked into clicking. This is your baseline “Phish-prone percentage” that you use as the catalyst to kickoff your training campaign. 15
Train Everyone In order to create a security culture and change the behavior of your employees, you have to train everyone , from the board room to the lunchroom, and include the training in the onboarding of every new employee. This should be on-demand, interactive, engaging and create a thorough understanding of how cybercriminals operate. Employees need to understand the mechanisms of: Spam Phishing Spear phishing Malware Ransomware Social engineering And be able to apply this in their day-to-day job. 17
Continue to Test Employees Regularly Even when testing confirms that phishing susceptibility has fallen to nominal levels, continue to test employees frequently to keep them on their toes, with security top of mind. The bad guys are always changing the rules , adjusting their tactics and upgrading their technologies. Analyze your phishing data . Continue to train and phish your users with more advanced tactics such as attachments and landing pages where they are asked to enter data. Over time, increase the difficulty of the attacks , KnowBe4 has 3,000+ templates rated by difficulty from 1 to 5. 19
KnowBe4 Security Awareness Training Works Effectively managing this problem requires ongoing due diligence, but it can be done and it isn’t difficult. We’re here to help. January 2019 21
Questions? Tel: 855-KNOWBE4 (566-9234) |www.KnowBe4.com |Partners@KnowBe4.com
Recommend
More recommend
