CyberheistNews Vol 13 #45 [BUDGET AMMO] The Outstanding ROI of KnowBe4's Security Awareness Training Platform

Cyberheist News

CyberheistNews Vol 13 #45  |   November 7th, 2023

[BUDGET AMMO] The Outstanding ROI of KnowBe4's Security Awareness Training PlatformStu Sjouwerman SACP

You told me that recently your InfoSec budget process was getting a bit harder. You needed more signatures than before to get approvals, and that the time to buy (or even renew) your security tools was getting longer.

To help you speed up the process, I spent last weekend creating the most powerful budget ammo I could. Ultimately your organization needs to get the best ROI possible for your limited budget. With a slowing economy, your C-level execs will scrutinize the ROI of any purchase. Sending a concise, clear and convincing ROI analysis together with your budget request should help.

Here is the executive summary from our blog with a link to the rest of the post. We will also make this available as a PDF you can attach to your budget request. Let me know if this helps. You can always email me at

The Outstanding ROI of KnowBe4's Security Awareness Training Platform

Let me give you a quick introduction. My name is Stu Sjouwerman. I'm the Founder and CEO of KnowBe4, my 5th startup. I have been in IT for 40+ years, the last 25 of those in information security.

In my last company we built an antivirus engine from scratch and combined it with intrusion detection, prevention and a firewall. But we encountered a persistent problem that few organizations were addressing: end-users being manipulated by bad actors.

That's why I started KnowBe4, to help IT pros manage the ongoing problem of social engineering. In April 2021 we went public on the NASDAQ, and we were taken private in 2023.

Executive Summary

"One of your important responsibilities is to minimize expensive downtime and prevent data breaches. But skyrocketing ransomware infections shut down your network and exfiltrate data. Phishing is responsible for two-thirds of ransomware infections.

This is why security awareness training (SAT) has become a critical component of reducing risk and safeguarding digital assets. Here are the cost savings, productivity gains and business benefits one enterprise experienced by implementing KnowBe4's security awareness training platform, according to Forrester's Total Economic Impact of KnowBe4.

  • A three-year ROI of 276% with payback in less than 3 months
  • $432.3K in reduction in risk exposure over three years by building a stronger security posture via awareness training and simulated phishing testing
  • $411.3K cost avoidance by reduction in email alert investigations and response costs due to employee proactive threat response
  • $164.2K cost avoidance from leveraging KnowBe4's 35-language security training library and simulated phishing instead of in-house programs
  • Avoid cost increases in cyber insurance due to reducing outages caused by security incidents

The Upshot: Deploying the KnowBe4 platform is an extremely effective use of your limited InfoSec budget. It has powerful add-ons like anti-phishing defenses, real-time security coaching and compliance training. Customers tell us this is the best bang they get for their buck."

Here is the link to the rest of the blog post. Ask your Rep or Reseller for the PDF. Let us know if you need help with getting approval:

[NEW FEATURE] PhishER Plus and CrowdStrike Falcon Sandbox Integration

Do you need a faster way to further analyze user-reported malicious emails without risking your organization's environment? Your incident response and security operations teams are swamped, and you can't afford to slow down to switch applications or manually triage every file and URL.

The new KnowBe4 PhishER Plus and CrowdStrike Falcon Sandbox integration allows admins to investigate potentially malicious files faster, and more efficiently, all from a single console.

With the CrowdStrike Falcon Sandbox and PhishER Plus integration you get:

  • Automated Scans and Detonations: PhishER Plus rules and actions empower you to automate scans and detonations.
  • Streamlined Analysis: Simplify your workflow by analyzing links and attachments from a single, intuitive console: PhishER Plus. No more juggling multiple interfaces.
  • Maximized ROI: PhishER Plus seamlessly integrates with CrowdStrike Falcon Sandbox, amplifying its value and ensuring a higher return on your investment.
  • Effortless Triage and Reporting: Easily triage, analyze, and report on files or URLs found in malicious phishing emails.

Your time and expertise are valuable. The PhishER Plus integration with CrowdStrike Falcon Sandbox is designed to enhance both. Increase your operational efficiency, streamline your processes, and help your team stay on top of today's emerging threats.

CrowdStrike Falcon Sandbox Integration is available to KnowBe4 customers with a full PhishER Plus subscription.

Join us for a live 30-minute demo of the Plus features of PhishER and see this integration in action!

Date/Time: Wednesday, November 15, @ 2:00 PM (ET)

Save My Spot:

WSJ: 'SEC Sues SolarWinds Over 2020 Hack Attributed to Russians'

October 30, 2023, the Wall Street Journal broke news that the United States Security and Exchange Commission sued SolarWinds. Here are the first few paragraphs, and there is a link to the full WSJ article at the bottom:

"The software company victimized by Russian-linked hackers over three years ago, alleging the firm defrauded shareholders by repeatedly misleading them about its cyber vulnerabilities and the ability of attackers to penetrate its systems.

"The SEC's lawsuit is a milestone in its evolving attempt to regulate how public companies deal with cybersecurity. A hack that steals business secrets or customer data often pummels the victim company's stock price, showing why firms with public shareholders have to accurately disclose such threats, the SEC says."

The regulator recently imposed stricter cybersecurity reporting rules for public companies.

"The lawsuit also presents a different view of the breach of SolarWinds, which portrayed itself as the victim of a highly sophisticated intrusion that other government agencies said was part of a Russian espionage campaign. The intrusion went undiscovered for more than a year and gave intruders footholds in at least nine federal agencies that used SolarWinds' software.

"The SEC's role in cybersecurity is controversial, with business groups saying its investigations can shift blame to the victim. Other law-enforcement agencies prefer to keep quiet while they probe hackers and sometimes clash with the SEC over its demands for disclosure.

"The SolarWinds case is the first time securities regulators have gone to court with civil-fraud claims—the most serious charge at the agency's disposal—against a public company over a hack."

I suggest you send this WSJ Link to your C-level InfoSec decision makers. This is a first.

The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team

In response to improved email security measures, cybercriminals have pivoted to more advanced attack methods, namely artificial intelligence (AI), that bypass existing protections. But security defenders are also using AI in remarkable new ways to fortify their networks.

Join Erich Kron, Security Awareness Advocate for KnowBe4, and Michael Sampson, Principal Analyst at Osterman Research, as they dig into the findings of our latest joint report on The Role of AI in Email Security. They'll share tips on how your SOC team can identify and use AI to supercharge your anti-phishing defense.

In this webinar you'll learn:

  • How cybercriminals employ AI to circumnavigate traditional email security tools
  • The remarkable ways AI enhances detection accuracy
  • Top AI-driven security features IT buyers seek in email security products
  • Strategies to implement real-time threat intelligence data to stay ahead of ever-evolving threat actors
  • The incredible tools, such as crowdsourced threat intelligence and AI-powered blocklisting, that can stop phishing emails before they ever hit your users' inboxes

Stay ahead of cybercriminals. Learn to use AI to stay one step ahead of them!

Date/Time: TOMORROW, Wednesday, November 8 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:

September Sees a 32% Increase in the Number of Ransomware Attacks in Just One Month

Continued analysis of ransomware attacks shows an upward trend in the number of attacks, with September resulting in the highest number of assaults so far this year.

IT security vendor NCC Group's Cyber Threat Intelligence Report for September 2023 shows some startling revelations about why ransomware attacks are spiking. According to the report:

  • The lion's share of attacks were focused on the Industrial sector, who took the brunt of one-third of the ransomware attacks in September
  • Half of all attacks targeted the United States, with another 30% focused on Europe
  • Lockbit 3.0 was the dominant player, being responsible for 32% of all attacks last month

What's also disturbing is the presence of a newcomer ransomware threat group, RansomedVC, who are claiming responsibility for an attack on Sony at the end of September. This group first showed up on NCC Group's radar in August and jumped to the fourth-most active group in September, giving credence to the need to keep our eyes on their future activities.

Most of these ransomware groups still rely on phishing as their initial attack vector. This makes it imperative that security awareness training be a critical part of your organization's cyber defense strategy. You need to fend off social engineering attacks via email used to trick users into kicking off the attack.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:

Do Users Put Your Organization at Risk With Browser-saved Passwords?

Cybercriminals are always looking for easy ways to hack into your network and steal your users' credentials.

Verizon's Data Breach Investigations Report shows that attackers are increasingly successful using a combo of phishing and malware to steal user credentials. In fact, password dumpers, which allow cybercriminals to find and "dump" passwords your users save in web browsers, took the top spot for malware in the Verizon report.

Find out now if browser-saved passwords are putting your organization at risk.

KnowBe4's Browser Password Inspector (BPI) is a complimentary IT security tool that allows you to analyze your organization's risk associated with weak, reused, and old passwords your users save in Chrome, Firefox, and Edge web browsers.

BPI checks the passwords found in the browser against active user accounts in your Active Directory. It also uses publicly available password databases to identify weak password threats and reports on affected accounts so you can take action immediately.

With Browser Password Inspector you can:

  • Search and identify any of your users that have browser-saved passwords across multiple machines and whether the same passwords are being used
  • Quickly isolate password security vulnerabilities in the browser and easily identify weak or high-risk passwords being used to access your organization's key business systems
  • Better manage and strengthen your organization's password hygiene policies and security awareness training efforts

Get your results in a few minutes! They might make you feel like the first drop on a roller coaster...

Find Out Now:

Microsoft's Lesson From Russia / Ukraine War: Cyber Defense Now Has the Advantage

Our friends at Cyberwire said: "In announcing its Secure Future Initiative, Microsoft sees Russia's hybrid war as having demonstrated that the advantage in cyberspace has swung from the offense to the defense.

"The war in Ukraine has demonstrated the tech sector's ability to develop cybersecurity defenses that are stronger than advanced offensive threats," the company writes. "Ukraine's successful cyber defense has required a shared responsibility between the tech sector and the government, with support from the country's allies.

"It is a testament to the coupling of public-sector leadership with corporate investments and to combining computing power with human ingenuity." And Redmond thinks that AI promises even more to the defenders. "As much as anything, it provides inspiration for what we can achieve at an even greater scale by harnessing the power of AI to better defend against new cyber threats."

Microsoft has committed to improving cyber defense in these ways:

  • "First, we are taking new steps to use AI to advance Microsoft's threat intelligence.
  • Second, we are using AI as a gamechanger for all organizations to help defeat cyberattacks at machine speed.
  • Third, we are securing AI in our services based on our Responsible AI principles."

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: The Bletchley Declaration by Countries Attending the AI Safety Summit November 2023:

PPS: [BUDGET AMMO] Yours Truly in INC Mag - "Generative A.I. Is Social Engineering on Steroids.":

Quotes of the Week  
"Hope is being able to see that there is light despite all the darkness."
- Bishop Desmond Tutu (1931 – 2021)

"The soul of man is immortal and imperishable."
- Plato - Philosopher (427 - 347 B.C.)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog

Security News

Spear Phishing Becomes Most Common Attack Technique in Q3 2023

Spear phishing was the most common attack technique in the third quarter of 2023, according to researchers at ReliaQuest.

"In Q2 2023, spear phishing-related techniques represented the three most observed methods of attack," the researchers write. "This remained true in Q3 2023, accounting for a total of almost 65% of all true-positive incidents. This trend will almost certainly continue."

Spear phishing links were involved in 24.5% of attacks, while internal spear phishing accounted for 23.7% of attacks. Spear phishing with attachments accounted for 16.5% of attacks.

"Another highly observed technique during Q2 2023 was User Execution: Malicious File (T1204.002), indicating that adversary-controlled malware ran on a local or remote system," the researchers write. "Attempts to distribute malware are common in various attack types, but frequently follow spear phishing."

ReliaQuests outlines the following measures to help defend against spear phishing attacks:

  • "Correctly configure email gateways to quarantine suspicious emails.
  • Keep security awareness programs up to date with the latest phishing and social-engineering techniques.
  • Use multi-factor authentication (MFA) in the event that employees' credentials are compromised.
  • Block inbound emails that have file extensions typically used for malware delivery (e.g., those on executable files, such as [.]exe and [.]msi).
  • Configure a Group Policy Object (GPO) to change the default execution engine of JavaScript files from WScript to Notepad and any additional script files you see fit. This will prevent these files from being executed on the host.
  • Implement USB access control and GPOs to prevent autorun command executions. Consider disabling any removable media access if business conditions allow."

New-school security awareness training can give your organization an essential layer of defense against social engineering attacks.

Blog post with links:

Octo Tempest and Its Menacing Phishbait

Microsoft is tracking a cybercriminal group called "Octo Tempest" that uses threats of violence as part of its social engineering and data theft extortion campaigns.

"Octo Tempest is a financially motivated collective of native English-speaking threat actors known for launching wide-ranging campaigns that prominently feature adversary-in-the-middle (AiTM) techniques, social engineering, and SIM swapping capabilities," the researchers write.

"Octo Tempest, which overlaps with research associated with 0ktapus, Scattered Spider, and UNC3944, was initially seen in early 2022, targeting mobile telecommunications and business process outsourcing organizations to initiate phone number ports (also known as SIM swaps). Octo Tempest monetized their intrusions in 2022 by selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals to steal their cryptocurrency."

The threat actor relies on social engineering to gain initial access to its victims' environments.

"Octo Tempest commonly launches social engineering attacks targeting technical administrators, such as support and help desk personnel, who have permissions that could enable the threat actor to gain initial access to accounts," Microsoft says.

"The threat actor performs research on the organization and identifies targets to effectively impersonate victims, mimicking idiolect (the speech habits peculiar to a particular person) on phone calls and understanding personal identifiable information to trick technical administrators into performing password resets and resetting multi-factor authentication (MFA) methods.

"Octo Tempest has also been observed impersonating newly hired employees in these attempts to blend into normal on-hire processes." The group has expanded its operations and grown more aggressive since the beginning of the year. It also became an affiliate of the ALPHV/BlackCat ransomware-as-a-service operation.

"In late 2022 to early 2023, Octo Tempest expanded their targeting to include cable telecommunications, email, and technology organizations," Microsoft says. "During this period, Octo Tempest started monetizing intrusions by extorting victim organizations for data stolen during their intrusion operations and in some cases even resorting to physical threats."

Blog post with links:

What KnowBe4 Customers Say

"Stu, I am emailing you to let you know how great Alex R. was as a Customer Success Manager with my time working with KnowBe4.

I was assigned Alex as my customer success manager almost two years ago at my previous employer when I started our cybersecurity training. We instantly hit it off as we had many commonalities including attending the same college at the same time, as well as our love of sports.

Alex was great in assisting me set up our annual training as well as our PhishER during our initial set up, and continued to work with me whenever I needed help to tweak any chances that I thought we needed.

In January of this year, I changed jobs and moved to a new company that was using KnowBe4, but not to its fullest potential. I reached out to Alex to see what we needed to do to have him assigned as my Customer Success Manager once again, and he made it happen.

After everything was taken care of, we built out our KnowBe4 platform from the ground up once again and have been using all of the features ever since. Alex is hands down one of the best people I have worked with in my IT career, and I wanted to just make sure that it was recognized!"

- O.T., Dir Information Technology

The 10 Interesting News Items This Week
  1. How AI Lends Phishing Plausibility:

  2. Sweeping White House AI order includes mandate for commercial developers:

  3. Russian Reshipping Service 'SWAT USA Drop' Exposed:

  4. FTC orders non-bank financial firms to report breaches in 30 days:

  5. Massive cybercrime URL shortening service uncovered via DNS:

  6. Social engineering: Hacking minds over bytes Social engineering:

  7. Canada bans WeChat, Kaspersky apps on government mobile phones:

  8. White House hosts Counter Ransomware Initiative summit, with a focus on not paying hackers:

  9. 3 ways Microsoft's new Secure Future Initiative (SFI) aims to tackle growing cyber threats:

  10. A New Way to Tell Deepfakes From Real Photos: Can It Work?:

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Topics: Cybercrime, KnowBe4

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews