
Archive for the ‘Security’ Category

ITIC’s coverage areas continue to expand and evolve based on your feedback. We will now feature Q&As with industry luminaries and experts discussing hot industry trends and technologies.

Longtime security professional Stu Sjouwerman is the founder and CEO of KnowBe4.com, a “new-school” IT security firm based in Tampa, Florida. It specializes in on-demand Internet Security Awareness Training (ISAT). The company’s goal is to enable organizations to quickly solve the increasingly urgent security problem of social engineering and avoid attacks before they occur. Sjouwerman also publishes an electronic newsletter called Cyberheist News.

Prior to founding KnowBe4.com, Sjouwerman was president, CEO and founder of Sunbelt Software, now ThreatTrack Software, which makes the VIPRE security package, originally developed by Sjouwerman and his team at Sunbelt Software. For 17 years he was also the editor of the popular WServerNews electronic newsletter, which had a worldwide distribution of 400,000. ITIC recently sat down and interviewed Sjouwerman about security threats, how companies can defend themselves and avoid common mistakes.

ITIC: Tell us about KnowBe4:

Stu Sjouwerman: We are the “new school” or next generation security awareness training. Old style security tactics and training don’t cut it anymore. In the Digital Age of sophisticated and dangerous Ransomware and increasingly dangerous and prolific Cyber attacks, it’s not enough to follow dos and don’ts. KnowBe4 offers training and advice to assist businesses in combating the latest threats. For example, we will perform fully automated simulated phishing attacks. This lets corporations identify who the culprits are in advance of an attack. It’s proactive and preventive. We train people to be well aware of all of the latest threats from Ransomware to Internet of Things (IoT)-based Denial of Service (DDoS) attacks to phishing attacks that are out there. Our main focus is on phishing attacks but it’s not our only focus.

ITIC: Ransomware attacks are happening with alarming frequency and the WannaCry attack on Friday, May 12th was the worst yet. To date it’s infected corporations in 150 countries and over 200,000 machines worldwide. Surprisingly, security firms have stepped in with fixes and sound advice, but the threat of WannaCry and other Ransomware attacks still persists. What’s KnowBe4’s position?


Eight out of 10 – 82% – of the over 600 respondents to ITIC’s 2014-2015 Global Server Hardware and Server OS Reliability survey say security issues negatively impact overall server, operating system and network reliability. Of that figure, a 53% majority of those polled say that security vulnerabilities and hacks have a “moderate,” “significant” or “crucial” impact on network availability and uptime (See Exhibit 1).

Overall, the latest ITIC survey results showed that organizations are still more reactive than proactive regarding security threats. Some 15% of the over 600 global corporate respondents are extremely lax: some seven percent said that security issues have no impact on their environment while another eight percent indicated that they don’t keep track of whether or not security issues negatively affect the uptime and availability of their networks. In contrast, 24% of survey participants or one-in-four said security has a “significant” or “crucial” negative impact on network reliability and performance.

Still, despite the well documented and high profile hacks into companies like Target, eBay, Google and other big name vendors this year, the survey found that seven-out-of-10 firms – 70% – are generally confident in the security of their hardware, software and applications – until they get hacked.


The Bring Your Own Device trend has created a security “Achilles Heel” for a 56% majority of organizations that have no response plan in place to deal with lost, stolen or hacked BYOD notebooks, tablets and smart phones. And 56% of organizations also acknowledge they are not fortifying their existing security measures, taking extra precautions or implementing security training despite recent high profile security attacks against Fortune 1000 firms like Adobe, Reuters, Target, Skype, Snapchat and others.

Equally alarming is that 50% of companies concede their corporate and employee-owned BYOD and mobile devices may have been hacked without their knowledge in the last 12 months, consequently leaving their datacenter servers and mission critical applications vulnerable to internal and external security breaches. Anecdotal evidence obtained from first person customer interviews indicates that 75% of IT and security managers are now lobbying executive management to construct mobile and BYOD-specific security policies to plug potential vulnerabilities.

Those are among the top findings of the ITIC/KnowBe4 “2014 State of Corporate Server, Desktop and BYOD Security Trends Survey.” The joint independent Web-based survey polled 300+ organizations in February 2014 on a wide range of issues including the organization’s approach to security; the biggest security threats and challenges facing their firms and the company’s preparedness to recognize and react to potential breaches.
