Cybercrimes continue to rise each year, with more than 155.8 million people affected by data exposures in 2020. Phishing, hacking, and ransomware are impacting organizations across all industries and of all sizes. To prevent becoming victims of a cyberattack, many companies invest in hardware and software tools to try to block incoming malware. However, that focus is misplaced, says cybersecurity veteran Stu Sjouwerman, who previously founded antivirus provider Sunbelt Software.
Sjouwerman explains that, “Despite all of the best technology and techniques for blocking cyberattacks, there was one persistent problem that we just couldn’t fix: the user. Tricking users to click on dangerous links or infected attachments was the easiest way in for cybercriminals.” A staggering 94% of malware is delivered through email, according to CSO Online, and phishing attacks account for more than 80% of reported security incidents. If you want to protect your business, the best way to do it is by educating your staff and teaching them to recognize phishing attacks.
Recognizing that this “human layer” was the key to effectively fighting cyberattacks, Sjouwerman founded KnowBe4, Inc., which provides security awareness training. A five-time Inc. 5000 honoree, KnowBe4 is now an Honor Roll member.
Security awareness is the answer
Verizon’s 2021 Data Breach Investigations Report found that 85 percent of data breaches involve a human element; only 15 percent occur through technical hacking of hardware or software. In fact, 98 percent of cyberattacks now rely on social engineering or a bad actor manipulating an employee to do something that is against the best interest of that employee or the organization. The best way to reduce the chances of becoming a victim of a security incident is to train employees how to recognize and prevent unwitting and unintended access to confidential data. The solution lies with people.
Explains Sjouwerman, “Organizations are coming to the realization that hacking hardware takes three months, hacking software takes three weeks, but hacking a human takes just three minutes. So, today, hackers target humans at scale, sending out millions of highly targeted, fully automated spear-phishing emails to people.”
The ABCs of reducing cybercrime
Sjouwerman believes security awareness is the first step in preventing cybercrime. Research conducted by KnowBe4 drives home the importance of such awareness. Through its own customer testing, KnowBe4 found that about 1 in 3 untrained users are likely to fall for a phishing or social engineering scam. However, after just 90 days of computer-based training and simulated phishing testing, that number drops from 33 percent to around 16 percent. And after a year of monthly simulated phishing tests and regular training, the number of users likely to fall for a phishing scam falls to only 4.8 percent.
KnowBe4’s training starts with a 15- to 30-minute session, followed by a two- or three-minute training session once a month, “to help keep employees on their toes, with security top of mind,” Sjouwerman says.
The training process itself follows the ABCs: Awareness, then Behavior, and ultimately Culture. Awareness helps employees recognize security risks; behavior modification means making smarter security decisions; and together these can result in a security culture. A security culture is when “the whole organization, top-down, understands the importance of information security,” says Sjouwerman, so that “you wind up with a much higher level of security.”
This dedication to cybersecurity, coupled with KnowBe4’s commitment to being the best place to work imaginable, has won the company rapidly growing legions of customers and numerous Best Place to Work awards.