KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend 

KnowBe4 has announced the results of its 2022 and Q4 2022 top-clicked phishing report. The results include the top email subjects clicked in phishing tests, top attack vector types, holiday phishing email subjects and other information that reveals the most popular phishing email tactics.

Phishing emails continue to be one of the most common and effective methods to maliciously impact a variety of organisations around the world – everyone is a potential victim. Cybercriminals constantly refine their strategies to outsmart end users and organisations by changing phishing email subjects to be more believable and attention grabbing. This shift in phishing tactics over time is evident in the increasing trend of cybercriminals using business-related email subjects.

Business phishing emails are lucrative and successful because of their potential to affect a user’s workday and routine. These include emails from HR, IT, managers and web services such as Google and Amazon. KnowBe4’s 2022 phishing test results reveal that for the year, nearly 50% of email subjects were HR related, while the other half were related to career development, IT and work project notifications. These types of emails bait recipients into opening them and are likely successful because they create a sense of urgency in users to act quickly, sometimes without thinking and taking the time to question the email’s legitimacy.

Additionally, this year’s phishing tests revealed the top vector for the year to be phishing links in the body of an email, which has stayed consistent for the last three consecutive quarters. The combination of these phishing tactics is clearly a working strategy for cybercriminals but detrimental to users and organisations as they can lead to cyber attacks such as business email compromise and ransomware.

Along with an increased utilisation of more business-related emails and links within emails, the Q4 2022 phishing test also shares the top holiday phishing email subjects. The holiday season is one of the busiest times of year for online activities, and cybercriminals count on end users having their guards down when it comes to staying alert and spotting phishing emails. Like general phishing email subjects, holiday phishing email subjects consist of emails from HR and IT; however, they are also tailored to the holiday season and the festivities that typically happen during that time of the year by mentioning holiday parties, gifts, food and more.

“Cybercriminals are smart and pay attention to what works and what does not when it comes to effective phishing emails,” said Stu Sjouwerman, CEO, KnowBe4. “This is why we see email subjects evolve and upgrade over time to keep up with end users and what they may be susceptible to. Phishing emails are a year-round threat and remain a challenge during the holiday season as well – holiday phishing emails are the one gift that no one wants to receive in their inbox. KnowBe4’s phishing test reports emphasise the importance of new-school security awareness training that educates users on the latest and most common cyber attacks and threats. A strong security culture and an educated workforce is an organisation’s best defence to remain vigilant and stay safe online from cybercriminals and their attempted threats.”

To download a copy of the 2022 and the Q4 2022 KnowBe4 Phishing Infographics, visit here and here.

The post KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend  appeared first on IT Security Guru.

KnowBe4 Integrates With CrowdStrike Aiming to Reduce Human Risk in Organisations

Two cybersecurity powerhouses, KnowBe4 and CrowdStrike, have come together to provide enhanced security for enterprises around the world.

KnowBe4’s SecurityCoach product is now integrated with the CrowdStrike Falcon platform, with the collaboration designed to help reduce high risk behavior by leveraging CrowdStrike’s security telemetry to discover security incidents, which trigger real-time security training from KnowBe4.

SecurityCoach helps IT and security professionals develop a strong security culture by enabling real-time security coaching of their users in response to high risk security behavior. Leveraging an organization’s existing security stack, IT and security professionals can configure real-time coaching campaigns to immediately deliver a SecurityTip to their users when a security event is detected.

“Our ecosystem of technology partners is growing rapidly, to enrich the support we provide to our customers and to fortify their organization’s human firewall,” said Stu Sjouwerman, CEO, KnowBe4. “KnowBe4 is proud to partner with CrowdStrike by seamlessly integrating our new SecurityCoach product with security telemetry delivered from the CrowdStrike Falcon platform. Our integration aims to deliver real-time security coaching and advice based on when security incidents occur to help end users enhance their cybersecurity knowledge and strengthen their role in contributing to a strong security culture.”

“By partnering with KnowBe4, we’re providing bite-sized, personalized security awareness lessons based on enriched insights derived from the CrowdStrike Falcon platform,” said Geoff Swaine, VP of Global Programs, Store and Tech Alliances at CrowdStrike. “By seamlessly integrating CrowdStrike’s robust security data with KnowBe4’s large library of curated coaching modules, we’re empowering customers to minimize human risk, improve their security posture and stop breaches.”

KnowBe4 will provide step-by-step instructions and recommendations to help IT and security professionals achieve quick and pain-free integration and data syncing during the implementation process.


KnowBe4 Has Been Named the #1 Leader in the G2 Grid Winter 2023 Report in Two Categories

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced its PhishER product and its Kevin Mitnick Security Awareness Training (KMSAT) platform have been named the number one leader in the G2 Grid Winter 2023 Report for the seventh consecutive quarter and the 14th consecutive quarter, respectively. Additionally, the KMSAT platform is recognized as “Most Implementable”, meaning it earned the highest implementation rating in the category.

The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors and Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. 

Based on 154 G2 customer reviews, KnowBe4’s PhishER is the top ranked SOAR software. PhishER has the highest satisfaction score among SOAR products in the category and received a score of 96 out of 100, with 99% of users rating it 4 or 5 stars. 

Based on over 986 G2 customer reviews, KnowBe4’s KMSAT is the top ranked SAT platform, with 99% of users rating it 4 or 5 stars. The KMSAT platform received the highest G2 score among products in the SAT category with a score of 97 out of 100. Additionally, the KnowBe4 platform received a 92% ease of use rating and a 95% quality of support score. KnowBe4 has the highest G2 score and largest market presence among all vendors rated in the report.

“KnowBe4 is committed to providing our customers with quality, exceptional products and services for their organizations,” said Stu Sjouwerman, CEO, KnowBe4. “PhishER keeps organizations protected by providing security teams with a platform to identify and respond to malicious emails and threats, while our security awareness training platform educates and enables users to regularly make smarter and safer security decisions. Together or individually, these two outstanding products contribute to fortifying an organization’s security culture, which is essential to combat the plethora of cybersecurity threats on the market today. We are elated to once again be recognized as the top leader in these categories and thank our customers for their honest feedback.” 

For more information on PhishER, visit https://www.knowbe4.com/products/phisher. To download a copy of the report on the SOAR market, visit https://www.knowbe4.com/g2-grid-report-for-security-orchestration-automation-and-response.  

For more information on KnowBe4’s KMSAT, visit https://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/. To download a copy of the report on the SAT market, visit https://www.knowbe4.com/g2-grid-report-for-security-awareness-training. 


KnowBe4 and Netskope Collaborate for New SecurityCoach Integration

KnowBe4 has announced that its new SecurityCoach product now integrates with Netskope. The two security organisations have collaborated on a product integration that supports real-time security coaching of users, with the aim of reducing risky behaviour.

SecurityCoach helps IT/security professionals to develop a strong security culture by enabling real-time security coaching of their users in response to risky security behaviour. Leveraging an organisation’s existing security stack, security teams and administrators can configure their real-time coaching campaigns to immediately deliver a SecurityTip to their users related to a detected event via Slack, Microsoft Teams or email. 

“Netskope joins our ecosystem of technology partners, which is growing rapidly, to enrich the support we provide to our customers and to fortify their organisation’s human firewall,” said Stu Sjouwerman, CEO, KnowBe4. “KnowBe4 is proud to partner with Netskope to provide a seamless integration with our new SecurityCoach product, which aims to deliver real-time security coaching and advice to help end users enhance their cybersecurity knowledge and strengthen their role in contributing to a strong security culture. KnowBe4 is actively working with Netskope to coach users in real time around their activities online or in the cloud. For example, when a user goes to a risky website, KnowBe4 can in real time integrate with Netskope and send the user a targeted coaching module.”

“Netskope provides targeted insights to KnowBe4 that can be used to give actionable coaching to end users,” said Andrew Horwitz, VP of Technology Alliances at Netskope. “KnowBe4’s large library of curated coaching modules together with Netskope’s actionable user specific insight on their activity in the cloud can build a real time zero trust system for our shared clients.”

KnowBe4 will provide step-by-step instructions and recommendations to help IT/security professionals achieve quick and pain-free integration and data syncing during the implementation process.

KnowBe4 now integrates or partners with over 20 of the world’s top cybersecurity platforms across Endpoint, Network, Identity, Cloud and Data Security: https://www.knowbe4.com/integrations.

For more information on SecurityCoach, visit www.knowbe4.com/securitycoach


KnowBe4 Launches Cybersecurity Awareness Month University Challenge

KnowBe4, the provider of the world’s largest security awareness training platform, announced it is spearheading an initiative among UK universities that invites students with an interest in media/comms or cybersecurity to work together to produce a security awareness video that addresses one of the themes from Cyber Security Awareness Month (CAM). Supported and judged by a working group consisting of esteemed professors from universities across England, Scotland and Wales, the winning entry will be showcased at KnowBe4’s annual conference, KB4-CON, and entrants will compete for cash prizes, internships and work experience.

The aim is to bring students together from differing academic backgrounds, connecting the skills of communications, creativity and cybersecurity to help SMEs and critical industries address cybersecurity risk.

“Creating a good security culture and practices requires communication and different messaging to reach all sectors of the economy,” said Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “Linking the skills of communication, creativity and good technical cyber know-how will seed new thought and deliver innovative experiences that grow collaborative project skills. It’s an exercise that can be carried forward into the students’ careers and shed some light on real industry challenges and strategies moving forward.”

In teams of up to four people made up of students with an interest in media/comms and computer science/cybersecurity (note: it does not have to specifically be these degrees), the students will work together to first identify a threat to business based on one of the themes from this year’s Cybersecurity Awareness Month. They will need to perform industry interviews and speak to organisations about their security awareness programmes and what types of social engineering, phishing or other cybersecurity threats they are up against. They will also need to address industry trends such as the growth of incidents involving small and medium enterprises. Using the information gathered, they will work together to create a video of no more than three minutes to convey the issue through storytelling, demonstrate the scale of the problem and provide lessons on how to overcome it.

“Education and people are critical elements to creating a trusted digital world. Currently some estimate that over 95% of cyber breaches are through human error. So, I couldn’t think of a more brilliant way to address this than engaging diverse students to ideate and converge their fresh thinking, creativity and communication skills to produce inspiring new video messaging for the 2022 Cybersecurity Awareness Month,” said Professor Lisa Short, Global Technology Influencer & Founder of Areté Business Performance. “It’s simply amazing to see collaboration encouraged between universities, students and businesses to produce really meaningful impact to reduce digital harm and cyber risks. It also highlights the diverse nature of employment and working in cybersecurity and new talent pathway opportunities. When asked by Yvonne at Eskenzi PR, I had the best team sorted and ready to help.”

Danny Dresner, Professor of Cyber Security at the University of Manchester, added: “I love this concept of breaking out of computing and getting the scientists working with the arts and business students. Good practices in cyber security will only be realised if they get ownership from business leaders, colleagues and peers…and let’s not forget bringing key cyber security messages to the wider community; so many people can be easily led astray and become lost in the cyber landscape!”

The challenge is being launched in line with Cybersecurity Awareness Month and final entries will be judged in January 2023. Visit the website for all the latest updates: https://www.securityserious.com/kb4challenge/

HR Emails Dupe Employees The Most – KnowBe4 research reveals

New research has revealed that the top email subjects clicked on in phishing tests were those related to or from Human Resources, according to the latest ‘most clicked phishing tests’ conducted by KnowBe4. In fact, half of those that were clicked on had subject lines related to Human Resources, including vacation policy updates, dress code changes, and upcoming performance reviews. The second most clicked category was emails sent from IT, which included requests or actions for password verification that were needed immediately.

“We already know that more than 80% of company data breaches globally come from human error,” said Stu Sjouwerman, KnowBe4’s CEO. “New-school security awareness training your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognize a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking. That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface.”

KnowBe4 also stated that the number one attack threat in the past quarter, both in its phishing tests and in those seen in the wild, is phishing links in the email body. Once these malicious links are clicked in the real world, they often lead to disastrous consequences like ransomware attacks or data breaches.

This research comes hot on the heels of the recent KnowBe4 industry benchmarking report, which found one in three untrained employees will click on a phishing link. The worst performing industries were Energy & Utilities, Insurance and Consulting, with all labelled the most at risk for social engineering in the large enterprise category. Stu added: “With the steep cost of cyberattacks, this is deeply concerning. Given that most data breaches originate from social engineering, we cannot afford to omit the human element. Implementing security awareness training with simulated phishing testing will help to better protect organizations against cyber attacks and result in a more secure organizational culture.”


Almost a third of untrained users will click a phishing link – KnowBe4 research

New research has revealed that one in three untrained employees will click on a phishing link, according to the 2022 Phishing by Industry Benchmarking Report from KnowBe4.

With ransomware payments averaging $580,000 in 2021 and business email compromise (BEC) losses topping $1.8 billion in 2020, a cyber attack can wreak havoc on an organisation. Yet, according to the baseline testing conducted for the report, without security training, across all industries globally, 32.4% of employees are likely to click on a suspicious link or comply with a fraudulent request. In some large category industries, such as Consulting, Energy & Utilities, and Healthcare & Pharmaceuticals, the percentage is over 50%.

The 2022 study analysed a data set of 9.5 million users across 30,173 organisations with over 23.4 million simulated phishing security tests. By examining the employee Phish-prone™ Percentages (PPP) by industry, KnowBe4 is able to deduce at-risk users that are susceptible to phishing or social engineering attacks. For those new to PPP, it measures the percentage of employees in organisations that had not conducted any KnowBe4 security training who clicked a simulated phishing email link or opened an infected attachment during testing.

“In critical industries like Health Services and Finance, where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures,” says Stu Sjouwerman, CEO, KnowBe4.

“With the steep cost of cyberattacks, this is deeply concerning. Given that most data breaches originate from social engineering, we cannot afford to omit the human element.

“Implementing security awareness training with simulated phishing testing will help to better protect organisations against cyber attacks and result in a more secure organisational culture.”

The 2022 Phishing by Industry Benchmarking Report underscores the fact that while technology plays an important role in preventing and recovering from an attack, organisations cannot afford to ignore the human factor.
