KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

Transcription

1 KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

2 About Us The world s most popular integrated Security Awareness Training and Simulated Phishing platform Over 15,000 Customers Based in Tampa Bay, Florida, founded in 2010 CEO & employees are ex-antivirus, IT Security pros Former Gartner Research Analyst, Perry Carpenter is our Chief Evangelist and Strategy Officer 200% growth year over year We help thousands of organizations manage the problem of social engineering Our mission is to enable your employees to make smarter security decisions 2

3 Hit with ransomware or suffered a data breach from a phishing attack Why a New Security Awareness Training Program? See the value and ready to start a Security Awareness Training program for employees Regulatory compliance requires proactive measures to protect sensitive company information Need fresh, real-world training content to replace current program 3

4 People are a critical layer within the fabric of our Security Programs 4

5 Your Employees Are Your Last Line Of Defense 91% of successful data breaches started with a spear phishing attack CEO Fraud (aka Business Compromise) causes $5.3 billion in damages yearly W-2 Scams social engineer Accounting/HR to send tax forms to the bad guys Ransomware was a 5 Billion dollar criminal business in 2017, and continues to grow 4

6 Phishing is Still the #1 Threat Vector Source: Michael Osterman, Osterman Research 6

7 Focused and motivated hackers Cybercrime damage costs to hit $6 Trillion annually by 2021 Social engineering, software vulnerabilities create urgent need for regular and effective Security Awareness Training Defense-in-depth is a must Explosive Malware Growth Endpoint Security Does Not Catch it All Virus Bulletin Malware Catch Rates 7

8 Recent studies show that over Why Do People Click On Phishing Links So Quickly? 54.9% of users click on a phishing link in under 60 minutes 8 8

9 Ransomware and CEO Fraud Dominate 2017 Ransomware and Banking Trojans used in CEO Fraud significantly increased in FBI reports that Since January 2015, there has been a 1,300 percent increase in identified exposed losses from CEO Fraud now totaling over $3 billion. Proofpoint Q Threat Report 9

10 Tech Giants Fall Victim to $100 Million CEO Fraud The scammer, a 48-year old Lithuanian managed to trick these two technology companies into wiring him $100 million. This scam surfaced as the U.S. government filed a civil forfeiture lawsuit in federal court in Manhattan seeking to recover tens of millions held in at least 20 bank accounts around the world. 10

11 11

12 How Can We Protect Our Organization? The answer is defense-in-depth, and pay specific attention to the outer layer which is the weakest link in IT security: the human 12

13 How Can We Protect Our Organization? Users are unaware of the internet dangers and get tricked by social engineering to click on a malicious link in a (spear)phishing or opening an attachment they did not ask for. Employees believe their anti-virus has them covered but the average window of exposures 17.5 hours before a signature that blocks the phishing attack becomes available. Surprisingly often, backups turnout not to work or it takes days to restore a system. Today, an essential, additional security layer is to train your users to be come part of your human firewall

14 How Do You Manage the Ongoing Problem of Social Engineering? Baseline Testing We provide baseline testing to assess the Phish-prone percentage of your users through a free simulated phishing attack. Train Your Users On-demand, interactive, engaging training with common traps, live hacking demos and new scenario-based Danger Zone exercises and educate with ongoing security hints and tips s. Phish Your Users Fully automated simulated phishing attacks, hundreds of templates with unlimited usage, and community phishing templates. See the Results Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI! 14

15 Most security awareness programs are still too superficial and done for compliance reasons. Comprehensive Programs Work What is missing is the correct estimation of the adversary being faced and the degree of commitment an organization has to have to stave off attacks. 15

16 Awareness Training on its own, typically once a year, is far from enough. Develop a Fully Mature Awareness Program Simulated phishing tests of groups of employees doesn t work on its own either. But together, and reinforcing each other, they can be combined to greatly increase effectiveness. 16

17 Baseline Phishing Test Security awareness training can be undermined due to difficulty in measuring its impact. You can t manage what you don t measure It is vital to establish a baseline on phishing click-through rates. This is easily accomplished by sending out a simulated phishing to a random sample of personnel. You find out the number that are tricked into clicking. This is your baseline Phish-prone percentage that you use as the catalyst to kickoff your training campaign. 17

18 Train Everyone In order to create a security culture and change the behavior of your employees, you have to train everyone, from the board room to the lunchroom, and include the training in the onboarding of every new employee. This should be on-demand, interactive, engaging and create a thorough understanding of how cybercriminals operate. Employees need to understand the mechanisms of: Spam Phishing Spear phishing Malware Ransomware Social engineering And be able to apply this in their day-to-day job. 18

19 Test the Results 19

20 Continue to Test Employees Regularly Even when testing confirms that phishing susceptibility has fallen to nominal levels, continue to test employees frequently to determine if anti-phishing training remains effective. The bad guys are always changing the rules, adjusting their tactics and upgrading their technologies. Analyze your phishing data. Continue to train and phish your users with more advanced tactics such as attachments and landing pages where they are asked to enter data. Over time, increase the difficulty of the attacks, KnowBe4 has 2,100+ templates rated by difficulty from 1 to 5. 20

21 Forrester TEI Study: Value of KnowBe4 Goes Beyond ROI 25

22 KnowBe4 Security Awareness Training Works Effectively managing this problem requires ongoing due diligence, but it can be done and it isn t difficult. We re here to help. January

23