KnowBe4 CEO Stu Sjouwerman addresses inaccurate Internet security myths and offers the real truth to help reduce losses due to cybercrime.
(TAMPA BAY, Fl.) March 12, 2013 – Last year, American businesses and consumers lost a combined $20.7 billion to cybercrime, with 71 million people falling victim to online scams and phishing attacks (1). With the high cost of cybercrime, security awareness training firm KnowBe4 (www.knowbe4.com) asserts that American businesses must take strong measures to protect against cyber-attacks. KnowBe4 stresses that the statistics only show cybercrime attacks that have been reported, and that the real cost is likely much higher. Despite the prevalence of cybercrime, the Internet security community remains overwhelmed with falsehoods about the effectiveness of security awareness training.
KnowBe4 CEO Stu Sjouwerman explains that the well-known myths about the Internet security industry are far from true:
1. “Internet security training does not work.”
- Informed users have proven to be a defense against cybercrime. A recent KnowBe4 case study of three KnowBe4 clients revealed that between 26%-45% of employees at those companies were phish-prone™, or susceptible to phishing emails. Implementation of Internet security awareness training immediately reduced that percentage by 75%, with subsequent phishing testing over four weeks resulting in a close to zero phishing response rate across all three companies.
2. “[Security] Training isn’t worth it.”
- The argument that security training is not worth it because “someone will always mess up” is foolhardy. Even professions who are known for their attention to data security have been fooled, including security firms and even the U.S. government (2). In a recent KnowBe4 case study, Bradenton-based lawyer Kimberly Graus found out the hard way that data security breaches can happen to any business, anywhere and at any time, when hackers bypassed her antivirus software and initiated $35,000 in wire transfers from a trust fund she manages. Those companies that don’t have security awareness training are susceptible to these attacks, while those who do engage in security training materially decrease their risk.
3. “People already know what to do.”
- In an experiment it dubbed as the FAIL500 project, (http://www.knowbe4.com/fail500/) KnowBe4 sent non-malicious simulated phishing emails to employees at more than 3,000 companies featured in the Inc. 5000, and at 485 of those firms, one or more employees clicked the email and exposed the companies to security threats. Clearly, people do not know what to do.
4. “It’s all about [anti-virus] prevention.”
- In 2010, the Treasury Credit Union—a financial facility servicing federal employees and the families of the U.S. Treasury Department in Utah—was hacked. The criminals infiltrated the bank’s computer system, and approximately 70 wire transfers were made from one of the bank’s own accounts. The transfers were made in low-increment amounts of under $5,000 to money mules, totaling in the low six figures. This was accomplished despite the fact that the computer and network were well-protected by antivirus software. Prevention alone is not sufficient.
5. “It’s simple.”
- Internet security is far from simple. If it were, cybercrime would be decreasing instead of steadily rising. That is why companies need Kevin Mitnick Security Awareness Training—all the work has been done for you.
There are well-documented case studies on Sjouwerman’s site that show losses of millions of dollars of income stolen from businesses by cybercriminals. None of the affected companies had engaged in KnowBe4’s security training. KnowBe4 offers the highly advanced Kevin Mitnick Security Awareness Training (http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/) program, designed to help organizations defend against even the most advanced network security breaches.
“Many small and medium enterprises think they’re adequately protected against security threats because they have anti-virus software. But the reality is that cybercriminals (www.knowbe4.com) can bypass that software by tricking an employee into clicking a link in a phishing email,” explained Sjouwerman.
KnowBe4’s Kevin Mitnick Security Awareness Training (http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/) is an interactive, web-based program which includes case studies, live demonstration videos and short tests. The initial training session can be completed in 30 to 40 minutes. Afterward, regularly-scheduled phishing security tests help keep employees on their toes. Those users who fall for the simulated phishing attacks can receive instant remedial training. An admin console provides before-and-after reports with instant graphs detailing the effectiveness of the training.
Symantec, a global computer security software corporation, apparently agrees with Sjouwerman that more action needs to be taken in order to prevent cybercrime. As a follow-up to a story run by the New York Times on Wednesday, Jan. 30, 2013 announcing they had been the target of a cyberattack, Symantec stated, “We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”
KnowBe4 provides an extensive collection of free cybercrime education resources so that executives can arm themselves and their staff against cyber-attacks.
For more information on KnowBe4’s Internet security training services and cybercrime prevention tips, visit http://www.knowbe4.com.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides Web-based Internet Security Awareness Training (ISAT) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness (www.knowbe4.com) training. He is the author of four books, including Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.