News | December 22, 2014

KnowBe4 Says More Can Be Done To Avoid Hacks Like Staples

Attitude of experts that “you can’t patch stupid” is just wrong and can actually leave companies open for attack. The solution: effective security awareness training.

The addition of Staples to the recent torrent of data breaches has unleashed another flurry of concern over just how problematic security is becoming. 2014’s exploits were unprecedented, but KnowBe4’s CEO has pointed out that IT and security experts’ attitude toward users may be contributing to the latest wave. According to experts, 91% of all data breaches started with a phishing attack, yet simple actions to fix this are being ignored. Billions of dollars in security can’t stop an employee from clicking a malicious link. Long-held but erroneous beliefs that “there is no patch for a stupid user” are passed along by officials like Denise Zheng, deputy director of the Center for Strategic and International Studies, as noted in an interview last week with CNN.

“Training users with an effective program like Kevin Mitnick Security Awareness Training is one of the easiest and most cost-effective ways to avoid a data breach,” says Stu Sjouwerman, CEO of KnowBe4. “Spear-phishing attacks are opportunistic threats that can be mitigated if users were well trained and tested on social engineering methods. Don’t let ‘stupid users’ become a self-fulfilling prophecy.”

While highly targeted attacks are much harder to defend against, Sjouwerman contends that defending against criminal “opportunistic” high-skill, low-focus attacks like those on Target, Home Depot, JP Morgan Chase and now Staples is now possible. Sjouwerman said, “IT managers have to avoid breach fatigue, as this breeds a lax approach to security. It pays off to keep users on their toes with security top of mind, utilizing regular phishing tests and frequent on-demand training.”

Social engineering has been around for some time and highlights a problem that cannot be mitigated just with a technology solution. While many IT managers do understand the threat posed by social engineering techniques like phishing, employees need to be trained and constantly reminded of the risks. Phishing techniques have improved and now frequently include not only perfect grammar but employ social media contacts, vendor logos and may even include fake voicemail or SMS (smartphone text) links.

It is important for employees to get both direct training and real-world examples. Sending out fake phishing emails or posing as a third party to get network credentials can provide employees with an understanding of the risks that they would never get in a classroom or an annual slide presentation in the company lunchroom. KnowBe4 offers a free phishing security test where companies can test just how phish-prone their users are.

About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly regulated fields such as healthcare, finance and insurance, and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses. For more information, visit www.KnowBe4.com.

About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.

Source: KnowBe4