Tag: KnowBe4

Security keeps businesses awake at night

Security outfit KnowBe4 released the results of its “What Keeps You Up at Night – The 2019 Report”, which looks at more than 350 organisations globally and reveals the security weaknesses and concerns within organisations. On average, 81 per cent of organisations had some degree of anxiety around security issues.

Most were worried about data breaches, with credential compromise coming in as a close second. These

KnowBe4 security appoints Roger Grimes

Security training outfit KnowBe4 has announced that it has appointed cybersecurity expert and author Roger Grimes as its new data driven defence evangelist.

Roger Grimes is a computer security consultant, instructor, holder of dozens of computer certifications and an award-winning author of 10 books and over 1,000 magazine articles on computer security. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee and Microsoft. He has been the weekly security columnist for InfoWorld and CSO magazines since 2005.

KnowBe4 CEO Stu Sjouwerman said: “I’ve been a huge fan of Roger’s work for many years. He’s one of those heavy hitters in the industry who is well-known, well-spoken, yet extremely humble and hard working. He’s full of many thought-provoking ideas, and I do not doubt that he will be an invaluable asset to our company.”

“With social engineering being a factor in 93 percent of all successful data breaches, I believe that working on any other problem in the security industry would be an inefficient use of my time”, said Grimes. “This job allows me to pursue my biggest passion in the cybersecurity industry of promoting a culture that supports the data-driven defence. I look forward to working with Stu and the KnowBe4 team to help drive the company’s ultimate vision.”

KnowBe4 was founded by data and IT security expert Stu Sjouwerman. It helps organisations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training.

Kevin Mitnick also works at the outfit as KnowBe4’s Chief Hacking Officer. He helped design KnowBe4’s training based on his social engineering tactics.

Ransomware and external malware hits midmarket and enterprises

Security outfit KnowBe4’s “2018 Threat Impact and Endpoint Protection Report” claims that ransomware and malware are becoming a significant problem for corporates and medium-sized businesses.

In 2017, ransomware was a multi-billion dollar business with the number of new ransomware variants continuing to grow quarter-over-quarter. Despite the many security offerings available, organisations continue to fall victim to attacks with an average of 13 percent of organisations surveyed experiencing a ransomware attack and 25 percent of organisations suffering an external malware attack. Knowing these factors, KnowBe4 sought to understand the overall impact ransomware has on an organisation.

The widespread, opportunistic nature of many attacks, mixed with an improvement in phishing-based social engineering, has led cybercriminal organisations to take the “shotgun” approach, targeting every business for whatever ransom can be paid.

KnowBe4 surveyed more than 500 organisations around the globe to determine the impact a ransomware attack has on an organisation, including who is at risk, what is being held for ransom, what it takes to remediate and how it impacts the overall organisation. Specific findings included the following.

Midmarket organisations (1,000-5,000 employees) were hit the hardest with ransomware in 2017, with 29 percent indicating they experienced a ransomware attack. Organisations in manufacturing, technology and consumer-focused industries suffered the most ransomware attacks.

On average, 16 workstations, five servers and 22 users within an organisation were affected in a given attack with an average downtime of 14 hours. The organisations with the most downtime hours were mid-market and enterprise (5000+ employees) organisations.

The more critical the data, the higher the likelihood of the ransom being paid. More than 97 percent of organisations stated that encryption impacted common Office-type files which included essential, sensitive and proprietary data. However, it is important to note that organisations realise the value in maintaining backup copies of their data, with 61 percent recovering server data from backups and 35 percent recovering workstation data from backups.

While most organisations do not pay the ransom, the ransoms ranged from $500 to $1 million (USD). Most bitcoin-related ransoms were 1-3 bitcoins, ranging from $600 to $11,000.

On average, 24 percent of all organisations experienced an external attack in the last 12 months, with consumer-focused businesses, non-profits, technology and professional services being hit the hardest. Of those hit in 2017, 28 percent were hit in 2016.

The number of systems impacted during an external attack was far more than a single endpoint; the common malware-based external attack affected five workstations and one server.

Organisations with documented breaches varied in the number of records breached. The average number of files breached was slightly higher than 15,000. The organisations with the highest number of record breaches, which went up to 100K, were mid-market and enterprise organisations.

KnowBe4 CEO Stu Sjouwerman said that while ransomware attacks were becoming more sophisticated, they were preventable. As the report shows, endpoint protection solutions help protect against a material percentage of malware but don’t put a stop to the threat.

“It’s only by adding continual testing and training of employees that organisations create their strongest security posture and see a material decrease in both ransomware and external malware attacks. This shows a well-implemented security awareness training program makes an organisation much less susceptible to an attack. As these threats continue to grow, it’s imperative that organisations mobilise their last line of defence – their employees – to help protect against this threat.”