Corporate Compliance Insights

If You Think Security Awareness Education is Expensive, Try Ignorance

by Corporate Compliance Insights
April 21, 2015
in GRC Vendor News

Facts surrounding spear phishing all point to employees as the most cited culprits and security awareness training as the most effective remedy. Yet not all training programs are equal.

Recent research sponsored by KnowBe4 shows email spear phishing is now the number one source of data breaches, with human error at the bottom of it all. In a new study from Osterman Research, 67% of respondents say malware has successfully penetrated their corporate networks through email, with web surfing a close second at 63%. Another 23% say malware has infiltrated their networks but they still don’t know how.

With 91% of successful data breaches coming from a phishing or spear-phishing email, KnowBe4 has expanded its toolset to include more advanced anti-phishing tools, with good results. Over a 12-month period, KnowBe4 analyzed 3600 phishing tests sent out to 291,000 seats. The results showed the top 4 click-bait emails, all of which bring in double-digit clicks: LinkedIn InMail at 19.9%, an email from “IT” to change your password at 18.8%, Amazon at 13.7%, and UPS at 11.4%. While a recent Proofpoint study says 1 in 10 users typically click on a malicious URL, the most recent Verizon report puts the average open rate of phishing emails at 23% and the click-through rate at 11%.

KnowBe4 CEO Stu Sjouwerman noted, “For compliance reasons, too many companies still rely on a once-a-year breakroom ‘death by PowerPoint’ training approach, or just rely on their filters, do no training and see no change in behavior. Our Kevin Mitnick Security Awareness Training is an integrated platform for awareness education combined with an extensive library of templates that allow IT managers to schedule regular phishing tests to keep users on their toes with security top of mind. After our training we see a radical decrease in clicks on phishing emails from an initial average of 16 percent to a phish-prone percentage of just 1.28% after 12 months.”

The most recent PwC 2015 Global Information Security Survey shows that businesses that have security awareness report significantly lower average financial losses from cybersecurity incidents, and those that do not train employees reported annual losses four times greater than those that train.

According to Websense Security Labs, one third of end users continue to click away at malicious email links, demonstrating that they are increasingly “desensitized” to warnings, lack a feeling of responsibility, and lack enterprise-driven education.

“A good security awareness program will help the user recognize red flags and give him a sense of confidence in his ability to spot a social engineering attempt,” said Sjouwerman. “It is much less expensive to train your staff than suffer the consequences of a data breach to your bottom line and the company’s reputation. As Derek Bok, former Harvard University president, once said: If you think education is expensive, try ignorance.”

For more information visit: www.KnowBe4.com

About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.

