When you think about the cybersecurity threats facing your organization, what comes to mind? Many of us picture a sophisticated hacker in a hoodie tapping incomprehensible code into a laptop, penetrating our expensive defenses, breaching our firewall, infiltrating our servers, and stealing our passwords. Many miss the fact that, despite the fast pace of development in security technology, organizations are still thwarted most often by a ubiquitous and unavoidable vulnerability: their people. Within every organization looms the very real threat of a human being (often a trusted employee—and in many cases, an executive) creating chaos with a single click. Enter the world of Security Awareness Computer-Based Training, a category of businesses that have set out to address this vulnerability by testing and educating users in real-world scenarios with the help of sophisticated technology.
KnowBe4, our preferred vendor for this type of training, was recently awarded the top spot in Gartner’s 2019 Magic Quadrant in this category. Their training tool lets your organization create customized, simulated phishing email campaigns to send to your users. Just like real-life phishing campaigns, these emails rely on sophisticated social-engineering tricks to get individuals to click links by spoofing emails from IT, management, or even the CEO. You can go with KnowBe4’s well-developed default settings or add your own customizations to increase the likelihood you’ll catch someone slipping up.
When a user falls for one of these emails and clicks a link or replies, KnowBe4 tracks it, and takes action based on your preferences. You can leave users in the dark until a later targeted training or disciplinary action, or have KnowBe4 alert the user right away that they slipped up, redirecting them immediately to a training video that outlines the clues they missed. Over time, you will identify your weak links and take targeted action rather than forcing the whole company to sit through training every 6 months. Even users who are skilled at spotting phishing attempts will begin to read email with more suspicion—a useful outcome in the era of increasingly advanced anti-spam tools that lull your people into a false sense of security.
We at Kinetix have used KnowBe4 internally and deployed it to many clients, all of whom have seen positive results, often finding many people falling for tests in the beginning, but improving significantly over time. We’re such fans that we’ve partnered with KnowBe4 and built their service into our Security Essentials Package. There is no way around it; as phishing attacks become more sophisticated, you’ll have to face the threat one way or another. If you’re not already using KnowBe4, contact us and we’ll get you started.