KnowBe4 States Bruce Schneier is Wrong: Internet Security Trains Employees to Have Judgement
KnowBe4, Security Awareness Training firm, counterpoints Bruce Schneier's stance against Internet Security - says premise that people cannot be trained to have judgement is foolhardy and a liability to small and medium-sized enterprises
CLEARWATER, Fla., March 20, 2013 /PRNewswire-iReach/ -- Bruce Schneier, a renowned security expert, comments in a recent blog post that he doesn't feel that security training to handle the human element of people clicking on malicious links is valid. KnowBe4, the security awareness training firm of Stu Sjouwerman and Kevin Mitnick, states that Schneier is wrong and that trying to convince people that they shouldn't do everything they can to protect themselves in today's internet environment is irresponsible.
Internet security training is proven to lower incidents of cyber crime by raising people's awareness. (1) The time and money consumed picking up the pieces after an attack is far more detrimental to a business than the time and money spent training individuals on the front end.
According to CNBC, in the last year there were over 300,000 internet crime complaints submitted to the FBI (2). System breaches are costly for American businesses, particularly small companies that lack sufficient resources to employ additional security layers. Internet security firm KnowBe4 says that, because of this disadvantage, small businesses are an easy target for cyberthieves who view them as low-hanging fruit. (3)
Stu Sjouwerman, KnowBe4 Founder and 30-year veteran in IT security, knew the impact cybercrime would have on small businesses years ago. After selling his anti-malware firm, Sunbelt Software, to the GFI conglomerate, he partnered with Kevin Mitnick to develop a SAAS (software as a service) that uses knowledge of the latest cybercrime tactics to train employees against serious cyber theft. KnowBe4 services the hardest hit industries for cybercrime – finance and healthcare – ranging from banks and credit unions to hospitals and insurance companies.
Sjouwerman says there are more cyberheist cases every day and advises small businesses to employ steeper security measures sooner rather than later.
Case in Point: When David Johnston woke up that morning, the last thing on his mind was cybercrime. But unfortunately, his company Sign Designs Inc., an electric-sign maker in Modesto, California was on a hacker's mind. And then there was the phone call from their bank, Bank of Stockton, inquiring about a $9,670 electronic payment to a Chase customer in Michigan. Sign Designs confirmed it hadn't set up the payment and the banks halted the transaction.
However, they were a little late. Close to $100,000 had been transferred out of their account and distributed to 17 money mules. The Bank of Stockton responded as rapidly as they could once they discovered the online deception. They managed to secure a little more than half of the absconded funds but $48,000 was already in the hands of the hackers.
Naturally, Bank of Stockton declares no responsibility since its security systems were never actually penetrated. The bad guys had planted malicious software on the computer of Sign Designs' controller (after he clicked on a link he did not know was malicious) and used it to steal his online-banking credentials. The bank also says Sign Designs failed to take advantage of security measures that might have averted losses, such as requiring two staff members to sign off on every payment.
Sjouwerman says the time and costs of protecting the company infrastructure are no longer detrimental to a small business, but the 'false sense of security' is a real barrier.
Today's Security Awareness Training is different. It should:
- Contain current cybercrime trends to effectively educate
- Be created from the viewpoint of a hacker
- Train employees in an interactive, web-based format which includes live demonstration videos and short tests
- Have regularly-scheduled phishing security tests to help keep employees on their toes
- Produce management reports to know the "repeat offenders" and take action to protect the company
"It'd be nice to have everything automated for us so that we did not have to think," stated Sjouwerman facetiously. "Employers want employees to have judgement in their duties – especially when it comes to determining the best course to take to protect company security – companies need to weigh the costs associated with getting attacked versus prevention."
If it wasn't clear what KnowBe4's stance was, it is now: "Internet security is no longer an option – it's a must."
For more information on how KnowBe4 and Kevin Mitnick can protect businesses against cybercrime, visit http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. He and his colleagues work with companies in many different industries, including highly-regulated fields such as healthcare, finance and insurance. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.
1. Sjouwerman, Stu. "Visible Proof The KnowBe4 System Works." KnowBe4.com/visible-proof-the-knowbe4-system-works/ 2012-2013.
2. Wisnefski, Kenneth. "Cybersecurity: Are You Protected From Your Own Employees?" CNBC.com. Consumer News and Business Channel, 3 Mar. 2013. Web. 15 Mar. 2013.
3. Smith, Gerry. "Small Businesses A Growing Target For Hackers." The Huffington Post. TheHuffingtonPost.com, 24 Oct. 2011. Web. 15 Mar. 2013.