Notable data breaches that took place during the first half of 2015 and affected millions, such as Anthem and OPM, have left many CEOs and CISOs scrambling. As a result, security awareness training is taking place more often in organizations' boardrooms – not just lunch rooms.

Stu Sjouwerman, CEO of the Tampa, Fla.-based KnowBe4, explained, “With the average cost of a data breach skyrocketing and costs of ransomware infections running more than $18,000 per victim, relegating security awareness training to an annual lunchtime 'death by PowerPoint' is no longer a viable option.”

He added that many companies have found their backup systems failed after a ransomware infection, pointing to a need for more proactive action.

Data from the FBI's Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe.

IC3 said CryptoWall and its variants have been targeting U.S. victims since April 2014. The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling more than $18 million.

“People are used to having a technology solution [but] social engineering bypasses all technologies, including firewalls,” KnowBe4 Chief Hacking Officer Kevin Mitnick said. “Technology is critical, but we have to look at people and processes. Social engineering is a form of hacking that uses influence tactics.”

Phishing – and its aftermath – is the most serious concern for five out of six security-focused decision makers, according to the Black Diamond, Wash.-based firm Osterman Research. “It is important to invest sufficiently in employee training so that the 'human firewall' can provide the best possible initial line of defense against increasingly sophisticated phishing and other social engineering attacks,” the firm stated.

Risk managers know it is far cheaper to train users than to pay the fines and heavy costs associated with a data breach, which Juniper Networks estimates will account for $2.1 trillion by 2019.

Sjouwerman said the majority of KnowBe4's growth has taken place in the financial sector, an area that is targeted four times as often as other industries. He said companies in the financial sector have taken the initiative to move away from the annual, compliance-focused “break room” training approach to a more effective, behavioral-based approach – they've begun to use Kevin Mitnick Security Awareness Training, which teaches users how to recognize threats with a combination of online, on-demand training and simulated phishing attacks that arrive in their inbox at work.

“Since we are the only company to offer a crypto-ransom guarantee [KnowBe4 covers the ransom in Bitcoin if a customer gets hit with ransomware after training its users], we moved up on the priority list,” Sjouwerman explained.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for the Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).