KnowBe4 Archives - Cyber Secure Forum | Forum Events Ltd

5 Minutes With… Javvad Malik, Security Awareness Advocate at KnowBe4

Stuart O'Brien

In the latest instalment of our cybersecurity industry executive interview series we spoke to Javvad Malik (pictured), Security Awareness Advocate at KnowBe4, about the importance of training employees to avoid risks, common mistakes made in cyber defence strategies and why action blockbuster The Predator is the perfect movie for cybersecurity professionals… 

Tell us about KnowBe4

KnowBe4 is the world’s first and largest New-school security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. Our main mission is to enable employees to make smarter security decisions every day, and that’s what our products are all designed to support.

Why is security awareness and training important?

Humans are the most attacked vector in any cyber security incident. As a result, security awareness and training is essential to equip employees with the knowledge and skills needed to navigate the digital world safely. By promoting a strong security culture, organisations can significantly reduce the likelihood of successful cyberattacks and minimise the potential impact when incidents occur.

What do organisations most commonly get wrong when it comes to cybersecurity?

Too many times organisations focus on the new shiny threats out there and focus on highly technical and often theoretical threats. The main threats most organisations face still revolve heavily around phishing, poor passwords, and unpatched software. By focussing on the fundamental controls, organisations can reduce their risk significantly compared to chasing the latest shiny tech.

What advice would you give someone starting out in cybersecurity?

Be patient, learn your craft, find mentors who can help you grow into areas you want to.

What infosec technology could you not live without?

From a personal perspective, I think a password manager has become invaluable in creating, storing and managing credentials. I genuinely don’t know any of my credentials – which I think is a good thing.

What’s your favourite cybersecurity movie?

Predator, with Arnold Schwarzenegger. You probably are wondering why that is a cybersecurity movie, and to answer that I explained my thoughts here: https://javvadmalik.com/2020/10/29/why-predator-is-the-ultimate-ciso-movie/

What keeps you up at night? It’s users, isn’t it

Stuart O'Brien

Users are the biggest security concern for 92 per cent of organisations, with 81% having some degree of concern around security issues.

A new report, What Keeps You Up At Night 2019 – commissioned by security awareness training company KnowBe4 – looked at over 350 organisations globally.

The research was carried out against a background in which AI and machine learning are being leveraged by criminal organisations to help them better understand how to improve their attacks, targeting specific industry verticals, organisations and even individuals.

In the results, increases in the frequency of ransomware, phishing and cryptojacking attacks were experienced by businesses of nearly every size, vertical and locale.

When it came to attack vectors, data breaches were the primary concern, with credential compromise coming in as a close second.

The report says these two issues go hand-in-hand, as misuse of credentials remains the number one attack tactic in data breaches, according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings from the report include: 

• 92% of organisations rank users as their primary security concern. And at the same time, security awareness training along with phishing testing topped the list of security initiatives that organisations need to implement. 

• Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate; in terms of attacks, 95 per cent of organisations are most concerned with data breaches.

• Ensuring security is in place to meet GDPR requirements is still a challenge for 64 per cent of organisations, despite the regulation details being out for quite some time.

• Attackers’ utilisation of compromised credentials is such a common tactic that 93 per cent of organisations are aware of the problem, but still have lots of work to do to stop it.

• When it comes to resources, 75 per cent of organisations do not have an adequate budget.

“2018 was a prolific year for successful cyberattacks, and many of them were caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start with establishing a security culture, and in order to combat the escalation of social engineering, they have to ensure users are trained and tested.” 

Don’t click if you receive any of these emails…

Stuart O'Brien

Hackers are getting smarter and now know how to leverage psychological triggers to get the attention of victims, according to a new report.

KnowBe4, a provider of a security awareness training and simulated phishing platform, has published its Top 10 Global Phishing Email Subject Lines for Q2 2018. The messages in the report, which were compiled from analysing KnowBe4 user data, are based on simulated phishing tests users received or real-world emails sent to users who then reported them to their IT departments.

Ironically, the top three messages for Q2 2018 show that hackers are playing into users’ commitment to security, all tricking users with clever subject lines that deal with passwords or security alerts.

Hackers continue to take advantage of the human psyche. A recent report from Webroot validates this notion with IT decision makers believing their organisations are most vulnerable to phishing attacks – more so than new forms of malware. Some 56 per cent of IT decision makers in the US believe their businesses will be most susceptible to phishing attacks, while 44 per cent of IT decision makers in the UK are most concerned with ransomware attacks. By playing into a person’s psyche to either feel wanted or alarmed, hackers continue to use email as a successful entry point for an attack.

“Hackers are smart and know how to leverage multiple psychological triggers to get the attention of an innocent victim,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “In today’s world, it’s imperative that businesses continually educate their employees about the tactics that hackers are using so they can be savvy and not take an email at face value. Hackers will continue to become more sophisticated with the tactics they use and advance their utilisation of social engineering in order to get what they want.”

The Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018 include:

  1. Password Check Required Immediately
  2. Security Alert
  3. Change of Password Required Immediately
  4. A Delivery Attempt was made
  5. Urgent press release to all employees
  6. De-activation of [[email]] in Process
  7. Revised Vacation & Sick Time Policy
  8. UPS Label Delivery, 1ZBE312TNY00015011
  9. Staff Review 2017
  10. Company Policies-Updates to our Fraternisation Policy