Cyber Security Awareness with KnowBe4: Developing the Human Firewall

Megan Bozman

As cyber security threats escalate and hackers get more sophisticated, Wursta is here to help you reduce your risks. As part of our commitment to empowering you with IT knowledge and security support, we’ve partnered with KnowBe4, the world’s largest security awareness training organization. Together we recently presented a webinar, “Cyber Security Awareness with KnowBe4: Securing the Human,” in which we shared how to help your employees embrace a culture of security and protect themselves from cyber security threats. You can watch the webinar recording, and I’ve covered the highlights in this blog.

Humans are a High Value, High Probability Target

Humans are a high-value, high-probability target that costs cybercriminals little to attack, which makes targeting people a cost-effective approach. According to the Verizon 2023 Data Breach Investigations Report (DBIR), the three primary ways in which attackers access an organization are stolen credentials, phishing, and exploitation of vulnerabilities. Use of stolen credentials has become the most popular entry point for breaches. 91% of successful data breaches started with a spear-phishing attack.

People are a Critical Layer

Katrina Rodzik, Channel Account Manager Team Lead, KnowBe4, discussed how people are a critical layer within the fabric of security programs.

We all make mistakes. It’s impossible to entirely avoid human error. Although phishing has become the most notorious risk, people can put their organization at risk in a variety of other ways, such as sharing PII, using USB devices, or visiting risky websites.

The Human Firewall

Humans should be included as part of the security stack. It’s no longer a matter of if, but when, something penetrates your security layers. KnowBe4 focuses on the human firewall, with people being the last line of defense. Considering the various ways users can generate risk in an organization, it’s important to train them on different threat factors.

It’s important to focus on human security culture overall, not just phishing.

A Fully Mature Awareness Program is Vital

As makers of an excellent simulated phishing platform, KnowBe4 has realized over time that there is so much more that ties into human security culture than phishing. 

  • Awareness training on its own, typically once a year, is far from enough.
  • Simulated phishing testing of groups of employees doesn’t work on its own either.

But together, done frequently and reinforcing each other, they greatly increase effectiveness.

KnowBe4 provides excellent free resources, such as “Social Engineering Red Flags.” The infographic groups red flags into categories including “Attachments,” with helpful insights such as, “I see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.”

Katrina also presented “How CEO Fraud Impacts You,” walking webinar attendees through the multiple steps of these social engineering attacks, which exploit common human behaviors. KnowBe4 recommends sharing educational assets often. The more people see them, the more they will resonate, helping create a cultural shift and conditioning users to make smarter security decisions.

Train users and actively test to confirm that they’re retaining the information. Phishing tests provide users a safe environment in which to fail, so they can learn from their mistakes. 

Again, combining training and phishing testing is ideal for a fully mature program.

View the webinar to learn more about KnowBe4’s offerings, including SecurityCoach, which enables real-time coaching of users in response to risky behavior based on alerts generated by your existing security stack.