Javvad Malik is the Lead Security Awareness Advocate at KnowBe4, which provides security awareness training for the millions of employees of its combined 50,000 organizational customers worldwide.
“We focus on the human side of security as opposed to the technology side that most other people focus on, because the technology can be brilliant, but if people don’t know how to use it properly, they’re going to make mistakes. And we see that whenever breaches occur, or a company gets hacked… in the majority of cases there’s been an issue where someone has made a mistake, or they’ve been fooled into doing something,” he explained.
KnowBe4 focuses on training people, informing them about cybersecurity, and helping them make smart decisions. Malik likened the approach to teaching a child to cross the road safely.
“You don’t have to teach them to cross every single road in the world, but you teach them what the principles are, and then they can apply that wherever they go. That’s primarily what we focus on.”
Chief Research Officer Kai Roer joined KnowBe4 a few years ago through an acquisition. According to Malik, Roer is the foremost expert on how companies can build strong security cultures, something he has been speaking on since long before anyone else clued in.
“Now everyone is talking about it.”
KnowBe4 employs a scientific approach to understanding the data and what an organization’s culture is really like. From determining where the culture is failing to determining what is needed to improve it, the vast amounts of data that KnowBe4 has access to show how improving culture can lower security risk. One thing he was certain of was that this was the gain everyone at Infosecurity was there for: to lower risk, and to understand how to lower risk.
Roer explained further, “One of the really big game changers with what we do, compared to many others on the floor here is that we have data – and by data we mean huge amounts of data. The benefit of having that data set is that we can start looking at correlations between, for example, a kind of training and a certain behaviour.”
Roer was also there to represent a newly published book he co-authored with Perry Carpenter, ‘The Security Culture Playbook: An Executive Guide to Reducing Risk and Developing Your Human Defense Layer.’ All about security culture, it has reportedly been well received by the industry for its fresh approach to cybersecurity: the human element.
“Now,” he explained, “the industry and the people here are getting to a level of maturity, if you like, where we can have informed discussions about this topic, which is a huge benefit for everybody.”
How does the training work?
KnowBe4 training combines a series of training content with simulated phishing emails and other risk notifications, and it is targeted and tailored to each individual employee who uses it. For example, if an employee clicks one of the simulated phishing links, they might then be directed to some training, or pointed to the company policy. Additionally, this data might be tracked to build up a risk profile for every employee and, more broadly, for the company.
What does KnowBe4 think about the cybersecurity industry as a whole? How is it changing? Will it ever be perfect?
“I don’t think this industry is ever going to be perfect. Then again, I don’t think any industry can be perfect. We can strive towards it, but there will always be this gap, however small or large. In our industry currently it’s large, but it’s getting smaller. And that’s the important thing. We must remember where we got from, from 30 years ago, we were combatting computer worms and spam. Today, we are discussing how can we make you and everyone else do the right thing,” Roer said.
Malik believes that the landscape of the industry has changed incredibly, especially in the last few years. Many people have shifted to remote working and to using their own devices instead of on-premises ones, meaning that even companies with a good security system are not protected from, for example, employees clicking on dangerous links.
Is the human aspect the next big trend in cybersecurity?
“I think it’s been recognized as the big trend for a while now. I think the vendors have taken time to catch up. Now you’ll see more vendors providing stuff for the human element… They can have the best technologies in the world, which are still needed, but if they can still get breached or ransomware can hit their organization because someone replied to an email… That’s always going to be a big gap,” Malik said.
This is where KnowBe4’s enormous amount of data comes in. “We need facts,” Kai said, explaining how the industry can take that step forward to close the gap. “And I believe we should use this data to further the industry and help everybody.”