KnowBe4-Presentation-Overview.pdf
- 1. KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.
- 2. 2 60,000 Over Customers • The world’s largest integrated Security Awareness Training and Simulated Phishing platform • We help tens of thousands of organizations manage the ongoing problem of social engineering • CEO & employees are industry veterans in IT Security • Global Sales, Courseware Development, Customer Success, and Technical Support teams worldwide • Offices in the USA, UK, Netherlands, India, Germany, South Africa, United Arab Emirates, Singapore, Japan, Australia, and Brazil About Us Construction Insurance Energy & Utilities Consulting Consumer Services Retail & Wholesale Education Not for Profit Other Banking Manufacturing Healthcare & Pharmaceuticals Government Business Services Technology Financial Services
- 3. KnowBe4 Named a Leader in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022 3 The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022, Forrester Research, Inc., March 16, 2022 The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. KnowBe4 received the highest scores possible in 16 of the 30 evaluation criteria, including breadth of content coverage, security culture measurement, and customer support and success. Using a 30-criteria evaluation, the Forrester Wave report ranks 11 vendors in the security awareness and training market based on their current offering, strategy and market presence.
- 4. People are a critical layer within the fabric of our Security Programs 4
- 5. Customers Are Building a Modern Security Stack…. Devices Network People Infrastructure …That Starts With the Human 5
- 6. Your Employees Are Your Last Line Of Defense 6 • 91% of successful data breaches started with a spear phishing attack • In 2021, the most common initial attack vector, compromised credentials, was responsible for 20% of breaches at an average breach cost of $4.37 million • W-2 Scams social engineer Accounting/HR to send tax forms to the bad guys • 48% increase in global ransomware attacks in 2021
- 7. Humans Have Always Been the Weakest Link in Security Source: Verizon 2020 Data Breach Investigations Report Phishing Phishing RAM Scraper RAM Scraper Trojan Stolen Credentials Password Dumper Misdelivery Ransomware Misconfiguration Stolen Credentials Misdelivery Misconfiguration Password Dumper Trojan Ransomware 2015 2016 2017 2018 2019 2020 The human layer represents a high value and probability target at low time and cost to implement for attackers #1 #2 #3 #4 #5 #6 #7 #8 Rank of Select Threat Action Varieties in Breaches Over Time Ranking
- 8. 8
- 9. 9 How Can We Protect Our Organization? • Users are unaware of the internet dangers and get tricked by social engineering to click on a malicious link in a (spear)phishing email or opening an email attachment they did not ask for. • Employees have a false sense of security and believe their anti-virus has them covered. With the firehose of spam and malicious email that attack your network, 7-10% make it past your filters. • Surprisingly often, backups turn out not to work or it takes days to restore a system. • Today, an essential, additional security layer is to have your employees be your last line of defense. 9
- 10. How Do You Manage the Ongoing Problem of Social Engineering? Baseline Testing We provide baseline testing to assess the Phish-prone™ Percentage of your users through a free simulated phishing attack. Train Your Users The world's largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails. Phish Your Users Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates. See the Results Enterprise-strength reporting, showing stats and graphs for both security awareness training and phishing, ready for management. Show the great ROI! 10
- 11. Develop a Fully Mature Awareness Program • Awareness Training on its own, typically once a year, is far from enough. • Simulated phishing tests of groups of employees doesn’t work on its own either. • But together, done frequently, and reinforcing each other, they can be combined to greatly increase effectiveness. 11
- 12. • In order to create a security culture and change the behavior of your employees, you have to train everyone, from the board room to the lunchroom, and include the training in the onboarding of every new employee. • This should be on-demand, interactive, engaging and create a thorough understanding of how cybercriminals operate. Train Everyone • Employees need to understand the mechanisms of: • Spam • Phishing • Spear phishing • Malware • Ransomware • Social engineering And be able to apply this in their day-to-day job. 12
- 13. Baseline Phishing Test • Security awareness training can be undermined due to difficulty in measuring its impact. “You can’t manage what you don’t measure” • It is vital to establish a baseline on phishing click-through rates. This is easily accomplished by sending out a simulated phishing email to a random sample of personnel. • You find out the number that are tricked into clicking. This is your baseline “Phish-prone percentage” that you use as the catalyst to kickoff your training campaign. 13
- 14. Virtual Risk Officer™ • Identify risk at the user, group, and organizational level to enable you to make data-driven decisions for your security awareness plan. • With Virtual Risk Officer’s Risk Score, answer questions like: • What users are the most vulnerable to a phishing attack? • What groups haven’t had any training? • What types of phishing templates are my users most prone to clicking? • What are my highest-risk groups? • Risk Score enables you to take action and implement security awareness mitigation plans for high-risk user groups 14
- 15. • Even when testing confirms that phishing susceptibility has fallen to nominal levels, continue to test employees frequently to keep them on their toes, with security top of mind. • Bad actors are always changing the rules, adjusting their tactics and upgrading their technologies. • Analyze your phishing data. Continue to train and phish your users with more advanced tactics such as attachments and landing pages where they are asked to enter data. • Over time, increase the difficulty of the attacks, KnowBe4 has 12,000+ templates rated by difficulty from 1 to 5. Continue to Test Employees Regularly 15
- 16. KnowBe4 Security Awareness Training Works Effectively managing this problem requires ongoing due diligence, but it can be done and it isn’t difficult. We’re here to help. 16 Source: 2023 KnowBe4 Phishing by Industry Benchmarking Report Note: The initial Phish-prone Percentage is calculated on the basis of all users evaluated. These users had not received any training with the KnowBe4 console prior to the evaluation. Subsequent time periods reflect Phish-prone Percentages for the subset of users who received training with the KnowBe4 console.
- 17. 01C06K04