Some of you might remember Sunbelt Software, which from 1996 to 2010 sold system admin and security tools for Windows Server. I am one of the two co-founders of Sunbelt. After distributing other developer's tools for a few years we decided to become a security tool developer in the early 2000's. Our first security product was iHateSpam, followed by CounterSpy, and a few years later we released VIPRE Antivirus, a brand new and low-resource platform created from scratch to integrate antivirus and antispyware. As opposed to other antivirus solutions, VIPRE was not a resource hog, took off like a rocket, and we soon had many thousands of enterprise customers. Sunbelt was acquired by GFI in 2010 and the VIPRE brand is still doing great.
However, during that time I observed one problem. The bad guys were bypassing software-based security and went straight after the user. The moment the end-user clicks a link or opens an attachment, the risk of infection is much, much higher. Yes, you can try to protect your domain with URL blacklists and other layers but those get bypassed too. The average malicious website lives for just a few hours, and that often is not enough time to make it in the blacklist.
The problem? The user is the weak link in IT security. The only way to fix that issue is education and that is where I decided to focus my new company KnowBe4. We help IT professionals to defend their networks by educating their users about spam, phishing, spear phishing, social engineering and malware. But that's not all. We also automated the whole process of sending regular simulated phishing attacks to all end-users and track who opens and who clicks. That way you can weed out the weak links quickly and remedy the problem with some additional training, a chat with their manager, or ultimately a visit to HR.
And how did we create this security awareness training? I partnered with Kevin Mitnick (The World's Most Wanted Hacker) and over an 8-month period we distilled his 30+ year hacking experience in a 30-minute course for employees. Consider it another security layer that these days is super important, your 'human firewall' The Kevin Mitnick Security Awareness Training has been extremely well received, and you can check it out here.
However, during that time I observed one problem. The bad guys were bypassing software-based security and went straight after the user. The moment the end-user clicks a link or opens an attachment, the risk of infection is much, much higher. Yes, you can try to protect your domain with URL blacklists and other layers but those get bypassed too. The average malicious website lives for just a few hours, and that often is not enough time to make it in the blacklist.
The problem? The user is the weak link in IT security. The only way to fix that issue is education and that is where I decided to focus my new company KnowBe4. We help IT professionals to defend their networks by educating their users about spam, phishing, spear phishing, social engineering and malware. But that's not all. We also automated the whole process of sending regular simulated phishing attacks to all end-users and track who opens and who clicks. That way you can weed out the weak links quickly and remedy the problem with some additional training, a chat with their manager, or ultimately a visit to HR.
And how did we create this security awareness training? I partnered with Kevin Mitnick (The World's Most Wanted Hacker) and over an 8-month period we distilled his 30+ year hacking experience in a 30-minute course for employees. Consider it another security layer that these days is super important, your 'human firewall' The Kevin Mitnick Security Awareness Training has been extremely well received, and you can check it out here.