Unintended Consequences Of Compliance Seen As A Stumbling Block To Security
KnowBe4 announced a new release of their Compliance Manager, its latest cloud-based offering for IT managers who are challenged by the increasing complexity of managing compliance requirements, adding self-assessment capabilities.
KCM (KnowBe4 Compliance Manager), a cloud-based audit and compliance workflow automation tool, simplifies and consolidates the management of compliance requirements which often leave IT with a staggering amount of work, imperiling time and the resources they need to devote to IT security.
“Often corporate management relegates compliance to IT as another set of tasks and since it may not be integrated with the overall strategy, security ends up suffering and the growing list of tasks become too unwieldy to manage”, said Stu Sjouwerman (pronounced shower-man), Founder and CEO of KnowBe4. “KCM allows you to utilize compliance standards as part of your security baseline which saves time to work on higher levels of IT security.”
In smaller to mid-size companies, management of data security can be a daunting task. KCM makes it easier by enabling IT managers to keep track of requirements, assign controls and tasks to get and stay compliant thereby reducing risks and the millions of dollars in costs associated with non-compliance or security breaches. It allows IT to incorporate compliance standards to bridge the gap between compliance and security.
Designed as a cloud-based application, KCM consolidates multiple regulatory requirements and eliminates duplicate efforts preventing overlap and eliminating gaps.
According to Sjouwerman: “Getting ready for an audit for PCI, HIPAA, or GLBA initiates a wide range of emotions among IT managers, starting at annoyance and building into a scramble the closer it gets to the audit. KCM eliminates the pain of having to use multiple spreadsheets and spend duplicate efforts in the collection and compilation of compliance evidence”.
According to a study done by KnowBe4, a security awareness training and compliance firm, and research firm ITIC, 80 percent of companies say that "end user carelessness" is the biggest security threat to their systems and networks. Along with automated compliance management, KnowBe4 recommends firms should conduct regular risk assessment reviews as part of their security plan, adopt the 'defense-in-depth' strategy and create a strong first layer security policy, including training of employees. KnowBe4 offers Kevin Mitnick Security Awareness Training as a New School security awareness training approach, teaching end users an effective way to understand what to look for and how to handle threats.
Many experts have questioned the relevance of standards like PCI DSS since the Target and Neiman Marcus breaches in 2013. Being compliant is no guarantee of being secure, as seen by the epic security failures of these companies despite being PCI compliant. According to Gartner analyst Avivah Litan, nothing in the PCI standard would have helped Target detect and block the intrusion before it happened.
For more information, visit http://www.knowbe4.com.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.