Any security professional will remind you, security is only as good as the weakest link. Modern cybersecurity technologies like email filtering, network firewalls, zero trust, and endpoint protection do the heavy lifting, but even the latest and greatest detection technologies are usually on the back foot. By the time any security product is involved, it’s already on the back foot, responding to a threat that shouldn’t be present in the first place. In any modern company with an extant cybersecurity program, the weakest links are the human beings working there, who represent easier and more lucrative targets for malicious actors than the company’s digital systems.
As technology professionals, we keep abreast of developing cybersecurity threats, including both software vulnerabilities and new social engineering techniques. But for other workers with their own areas of expertise, a security-first mindset is rare, and that fact can be–and often is–exploited. Cybersecurity awareness training helps seal that gap, but implementing that training in-house shifts the burden back to IT or security staff, who may be experts in security operations but often aren’t effective instructors or simply can’t spare the time.
When new software vulnerabilities are discovered, the playbook is well understood: administrators analyze their exposure, take action to minimize risks immediately, and expeditiously deploy the appropriate patches as they become available. Unfortunately, mass patching is not yet available for human beings.
In keeping with our policy of working with the best in the business, we’ve selected KnowBe4 as our go-to cybersecurity awareness training partner. Having suffered through a multitude of competing training programs, and managed even more as administrators, we’ve found KnowBe4’s Kevin Mitnick Security Awareness Training delivers the most engaging (and therefore effective) content to users, thanks to the world’s largest library of training videos, games, artwork, assessments, and more. On the management side, it’s fantastically simple to deploy and operate, and with the AI features included in Diamond subscriptions can be almost completely hands-off.
For companies with dedicated security staff, or those wanting dedicated tools to help handle phishing attacks, KnowBe4 also offers the PhishER add-on, a lightweight SOAR tool for managing and responding to email threats. The Phish Alert Button allows users to notify administrators of an attack that made it past any filters, where PhishML applies machine-learning to help prioritize even during a deluge of malicious emails. Administrators can then use Emergency Rooms to identify similar messages by common attributes, PhishRIP to remove those dangerous emails from users’ inboxes, and PhishFlip to turn a legitimate attack into a safe training opportunity.
One of the most common responses we hear after deploying KnowBe4 training is “that was surprisingly painless” followed by “why can’t other trainings be like that?” KnowBe4 now offers the Compliance Plus add-on, delivering training to meet compliance requirements in the following areas:
- Business ethics
- Data privacy
- Data protection
- Diversity, equity, and inclusion
- Employment law
- Harassment and discrimination
- Workplace safety
Dreadnought is authorized to sell KnowBe4 products in the United States, Canada, continental Europe, and the United Kingdom.