Using Machine Learning to Find Human Social Engineering Risks

More cybersecurity help from Tampa Bay, Fla.-based KnowBe4 that designed new tools using artificial intelligence tool to help financial institutions prevents social engineering tactics such as phishing from harming organizations.

KnowBe4, which provides security awareness training and a simulated phishing platform to improve how organizations use their people as part of its security defense, announced Virtual Risk Officer and Advanced Reporting among the new features, which utilize AI for deeper reporting and more insight into organizational cybersecurity risk.

“KnowBe4 is an InfoSec organization first, and we’re always researching how we can help existing and future customers better protect themselves from social engineering threats that are increasing in frequency and sophistication,” Stu Sjouwerman, CEO of KnowBe4, said.  He added, The Virtual Risk Officer and Advanced Reporting features are the latest in a line of innovations designed to look deeply into an organization and provide the most accurate view of the effectiveness of their security awareness training program. “We’ve integrated a deep learning neural network that evaluates risk changes over time within an organization, which helps cybersecurity professionals measure how their security awareness program performs.”

The new features in detail include:

• Virtual Risk Officer. Helps security or IT professionals identify risk at the user, group or organizational level, resulting in better decision making for their security awareness plans.
• Virtual Risk Score. A supplement to the VRO helps organizations identify groups most apt to click on a phishing link, who remains without training and which are the highest-risk groups.
• Advanced Reporting. Gives access to more than 60 built-in reports that give a holistic view of the entire organization over time. Each report, which formerly took hours to create and are now available immediately, gives visibility into the organization’s security awareness performance based on trainings taken and simulated phishing data.
• Group Report Card and Phish-Prone Percentage. Helps IT and security managers better understand how groups are performing, how often they responded to a simulated phishing email, and how much time they have spent training.

The VRO employs artificial intelligence to provide more than an overall risk score. “A risk score is much more than just call a phish prone percentage. This allows you to focus a little more on who needs attention,” Sjouwerman said.

The way the features work is through a new tab in the KnowBe4 console. “Ultimately you want to assess the amount of risk your employees create because they are still the weakest link in the organization,” Sjouwerman said.

Sjouwerman noted a big reason for developing the new features was reaction to customer suggestions. “We have tens of thousands of customers and wanted to respond to their needs for more direct insight into how their organization evaluates risk, and give them real tools to see how their security awareness training program is performing. IT, the security teams and HR absolutely have to know the propensity for risk their users bring to the table, so they can turn that vulnerability into a strength.”

The KnowBe4 CEO added his firm decided, “Let’s use some machine learning and create those reports automatically so that everybody has them. We decided to just give that to all the accounts. This is not an up sale, you just get this. We are alive. Every customer has this in their console as we speak.”

While the new features are not specific for any market vertical, financial institutions, including many credit unions, represent the number one slice of KnowBe4’s cybersecurity pie, about 20% out of its some 21,000 total customers.