ITIC: Home

The cost of downtime continues to increase, as do the business risks. An 81% majority of organizations now require a minimum of 99.99% availability. This is the equivalent of 52 minutes of unplanned outages related to downtime for mission critical systems and applications, or just 4.33 minutes of unplanned monthly outage for servers, applications and networks.

Over 98% of large enterprises with more than 1,000 employees say that on average, a single hour of downtime per year costs their company over $100,000, while 81% of organizations report that the cost exceeds $300,000. Even more significantly: three in 10 enterprises – 33% – indicate that hourly downtime costs their firms $1 million or more (See Exhibit 1). It’s important to note that these statistics represent the “average” hourly cost of downtime. In a worst case scenario – if any device or application becomes unavailable for any reason – the monetary losses to the organization can reach millions per minute. Devices, applications and networks can become unavailable for myriad reasons. These include: natural and man-made catastrophes; faulty hardware; bugs in the application; security flaws or hacks; and human error. Business-related issues, such as a Regulatory Compliance related inspection or litigation, can also force the organization to shutter its operations. Whatever the reason, when the network and its systems are unavailable, productivity grinds to a halt and business ceases.

Highly regulated vertical industries like Banking and Finance, Food, Government, Healthcare, Hospitality, Hotels, Manufacturing, Media and Communications, Retail, Transportation and Utilities must also factor in the potential losses related to litigation as well as civil penalties stemming from organizations’ failure to meet Service Level Agreements (SLAs) or Compliance Regulations. Moreover, for a select three percent of organizations, whose businesses are based on high level data transactions, like banks and stock exchanges, online retail sales or even utility firms, losses may be calculated in millions of dollars per minute.


ITIC’s coverage areas continue to expand and evolve based on your feedback. We will now feature Q&As with industry luminaries and experts discussing hot industry trends and technologies.

Longtime security professional Stu Sjouwerman is the founder and CEO of KnowBe4.com, a “New-school” IT security firm based in Tampa, Florida. It specializes in on-demand Internet Security Awareness Training (ISAT). The company’s goal is to enable organizations to quickly solve the increasingly urgent security problem of social engineering and avoid attacks before they occur. Sjouwerman also publishes an electronic newsletter called Cyberheist News.

Prior to founding KnowBe4.com, Sjouwerman was president, CEO and founder of Sunbelt Software – now ThreatTrack Software – which makes the VIPRE security package, originally developed by Sjouwerman and his team at Sunbelt Software. For 17 years he was also the editor of the popular WServerNews electronic newsletter, which had a worldwide distribution of 400,000. ITIC recently sat down and interviewed Sjouwerman about security threats, how companies can defend themselves and avoid common mistakes.

ITIC: Tell us about KnowBe4:

Stu Sjouwerman: We are the “new school” or next generation security awareness training. Old style security tactics and training don’t cut it anymore. In the Digital Age of sophisticated and dangerous Ransomware and increasingly dangerous and prolific Cyber attacks, it’s not enough to follow dos and don’ts. KnowBe4 offers training and advice to assist businesses in combating the latest threats. For example, we will perform fully automated simulated phishing attacks. This lets corporations identify who the culprits are in advance of an attack. It’s proactive and preventive. We train people to be well aware of all of the latest threats from Ransomware to Internet of Things (IoT)-based Denial of Service (DDoS) attacks to phishing attacks that are out there. Our main focus is on phishing attacks but it’s not our only focus.

ITIC: Ransomware attacks are happening with alarming frequency and the WannaCry attack on Friday, May 12th was the worst yet. To date it’s infected corporations in 150 countries and over 200,000 machines worldwide. Surprisingly, security firms have stepped in with fixes and sound advice, but the threat of WannaCry and other Ransomware attacks still persists. What’s KnowBe4’s position?


“We have met the enemy and it is us.”

This quote aptly describes the current state of security and cyber security.

End users now arguably pose a bigger immediate and ongoing threat to the cyber security of consumer and corporate devices, applications and networks.

Those are the findings of ITIC’s latest 2017 Security Survey which found that 80% of 650 corporate respondents said that end user carelessness and failure to implement and install security on their BYOD and mobile devices are more dangerous than targeted hacks and rogue code.

That said, the organizations, which ranged from SMBs with 25 users to large enterprises with over 10,000 employees, are painfully aware of the threat posed by Ransomware, Bots, Phishing scams, Trojans, Viruses, other types of malware and even targeted corporate espionage, all of which are capable of wreaking havoc.

Cyber security and protecting corporate and consumer assets is, and will always be, a 50-50 proposition. End users and IT administrators own 50% of the responsibility to secure their devices and adhere to safe computing practices. For starters, this means getting security training and actually installing and utilizing security mechanisms. Too often, corporate employees and consumers disable security safeguards because of usability issues. Similarly, security vendors bear 50% of the responsibility to incorporate strong security mechanisms into their products. The onus is also on vendors to provide businesses and consumers with regular updates. Transparency is also a must for the entire vendor community; they must respond quickly, acknowledge security flaws when they occur and quickly move to deliver guidance and release fixes when bugs or glitches are discovered.
