Latest news with #StuSjouwerman
Business Times
05-07-2025
- Business Times
I'm human. Are you? The quest for our online identity
It's every manager's worst nightmare: Hiring a remote employee who turns out to be a North Korean hacker intent on loading malware on to your network. But that's what happened to the US cyber security company KnowBe4 last year, as the company's founder, Stu Sjouwerman, described in a candid blog post. KnowBe4 had posted a job ad for an AI software engineer, interviewed candidates by video, conducted background checks, verified references and made an offer. But soon after the company sent a Mac workstation to the remote employee's notional address, he went rogue. The company quickly discovered he was a fake North Korean IT worker, who had used a valid, but stolen, US-based identity to land the job. He then accessed the workstation remotely from Asia via an 'IT mule laptop farm'. Thankfully, no data was compromised but the company said it was a 'learning moment'. 'If it can happen to us, it can happen to almost anyone. Don't let it happen to you,' Sjouwerman wrote. This scary incident highlights the difficulties of authenticating someone's identity online – even by specialist security experts. But that challenge is about to become immeasurably harder as we outsource more responsibilities to AI chatbots and agents, getting them to perform many administrative functions online, and we generate lifelike video avatars. Up to now, the internet has mostly involved machines communicating with machines and humans interacting with humans. But increasingly those lines are blurring. We're close to the point where chatbots and avatars are all but indistinguishable from humans online. How can you be sure that you're not interacting with a synthetic human? As is the way with Silicon Valley, some tech executives have come up with a proposed solution to the problem they have created, profiting from both sides of the transaction. Prominent among them is Sam Altman, who triggered the generative AI investment frenzy after his company OpenAI released ChatGPT in 2022. 
Altman has also co-founded Tools for Humanity, which has developed an iris-verification device, a white globe about the size of a football, called the Orb. 'We needed some way for identifying, authenticating humans in the age of AGI,' he told an event in San Francisco this year. 'We wanted a way to make sure that humans stayed special and central.' Once a user's eye is scanned, the company sends them a World ID, a global digital passport, and US$42 in Worldcoin cryptocurrency as a reward for joining the network. As of April, some 13.5 million people in 23 countries had used the Orb to generate a World ID. The service was launched in the UK last month. The Orb is undoubtedly trying to address a real user need. But, quite apart from the scary Black Mirror vibes, it is questionable how effective the iris-scanning service will be. The need for a special machine to identify and authenticate any user (there are currently more than 1,500 Orbs in operation) makes the system clunky and expensive. The insistence on one centralised digital identity deprives a user of the freedom to have multiple, disconnected identities, raising privacy concerns. The World ID passport also risks becoming a walled garden that may not interoperate with other ID networks, such as the EU Digital Identity Wallet, which will become operational across the bloc by 2026. Nevertheless, some security experts suggest that we are rapidly entering a world where our default assumption must be that all online counterparties are synthetic unless they can prove otherwise. That creates a need to demonstrate genuine presence online, or 'liveness', as Andrew Bud, founder of the biometric authentication company iProov, calls it. 
iProov's premium service has been used more than 100 million times by customers, including governments and financial services companies, through a smartphone-based facial recognition system. This shoots multicoloured lights at a user's face and analyses the reflections, verifying their identity in about 2.5 seconds. 'Digital identity is a set of facts. But trust does not reside in facts. It resides in people,' Bud tells me. That means linking those facts to a human being who controls those facts. 'And for that you're going to have to use biometrics.' The identification and authentication of users is one of the hardest challenges we face on the internet because technology is evolving so fast, but it is critical that we meet it. The likely next threat? Masses of synthetic hackers. FINANCIAL TIMES

Straits Times
04-07-2025
- Business
- Straits Times
I'm human. Are you? The battle for our online identity
The increasing ubiquity of AI makes it harder to authenticate who someone is in the digital realm. The identification and authentication of users is one of the hardest challenges we face on the internet because technology is evolving so fast, but it is critical that we meet it. It's every manager's worst nightmare: hiring a remote employee who turns out to be a North Korean hacker intent on loading malware on to your network. But that's what happened to the US cyber security company KnowBe4 in 2024, as the company's founder Stu Sjouwerman described in a candid blog post. KnowBe4 had posted a job ad for an AI software engineer, interviewed candidates by video, conducted background checks, verified references and made an offer. But soon after the company sent a Mac workstation to the remote employee's notional address, he went rogue. The company quickly discovered he was a fake North Korean IT worker, who had used a valid, but stolen, US-based identity to land the job. He then accessed the workstation remotely from Asia via an 'IT mule laptop farm'.


Techday NZ
13-05-2025
- Business
- Techday NZ
Security training cuts phishing risk by 86% globally in a year
A newly published report indicates that security awareness training reduces global phishing click rates by 86%. The "Phishing by Industry Benchmarking Report 2025" compiled by KnowBe4 analysed 67.7 million phishing simulations involving 14.5 million users across 62,400 organisations worldwide. The report found an average global baseline Phish-prone Percentage (PPP) of 33.1%. This metric refers to the proportion of employees interacting with phishing simulations before undergoing structured security awareness training (SAT). According to the report, SAT significantly reduces susceptibility to phishing. The findings show that the global PPP drops by 40% after three months of education and by 86% following a full year of continued training. The study highlights that ongoing and effective SAT not only decreases risk but also establishes a stronger security culture within organisations. Measurable improvements become evident as quickly as three months after training begins. Stu Sjouwerman, Chief Executive Officer of KnowBe4, stated, "The data speaks for itself — security awareness training truly makes a difference. From 2024 to 2025, the general trend has remained fairly consistent — around one-third of employees click on a simulated phishing link before taking part in training." "However, the data shows a slight improvement in 2025. Within a year, we've seen a 3.5% decrease in the global baseline PPP, highlighting a positive shift in overall security awareness worldwide. However, there is still significant progress to be made in fully addressing phishing risks. By consistently prioritising relevant and engaging training, combined with simulated phishing, organisations can strengthen their human risk management strategies and better protect against phishing to improve overall security culture," he added. The report examined risk differences by sector and organisation size. 
Healthcare and pharmaceuticals, Insurance, and Retail and wholesale emerged as the most at-risk industries, with baseline PPPs of 41.9%, 39.2%, and 36.5%, respectively. This indicates that employees in these sectors were most likely to engage with potential phishing threats prior to training. Larger organisations faced a greater initial risk. Those with over 10,000 employees had an average baseline PPP of 40.5%. Organisations with between 1 and 250 staff had a lower average baseline of 24.6%. The data indicates that the scale of an organisation can correspond with a heightened vulnerability to phishing before remedial action is taken. Among organisations with 1,000 to 9,999 employees, the Healthcare & Pharmaceuticals, Hospitality, and Legal sectors all achieved an improvement of 91% in PPP scores after 12 months of ongoing SAT, demonstrating the potential for marked risk reduction within a year of continuous education. Regional variation was also apparent in the findings. The highest baseline PPPs were found in South America at 39.1%, North America at 37.1%, and Australia and New Zealand at 36.8%. These figures indicate regional disparities in initial vulnerability to phishing before introducing training regimes. The report provides quantifiable evidence that sustained investment in SAT, including simulated phishing campaigns, can result in enduring changes to employee behaviour. The decline from a global baseline PPP of 33.1% to just 4.1% after 12 months underscores the tangible benefits of a measured and continued approach to cybersecurity education.

Yahoo
13-05-2025
- Business
- Yahoo
KnowBe4 Report Reveals Security Training Reduces Global Phishing Click Rates by 86%
KnowBe4's 2025 Phishing by Industry Benchmarking Report shows a drop in the global Phish-prone™ Percentage (PPP) to 4.1% after 12 months of security training
TAMPA BAY, Fla., May 13, 2025--(BUSINESS WIRE)--KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its "Phishing by Industry Benchmarking Report 2025" which measures an organization's Phish-prone™ Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization's overall susceptibility to phishing threats. This year's report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT). The data underscores the significant impact of SAT in mitigating risk. The rapid decline in the global PPP following the implementation of training — falling by 40% in just three months and by a total of 86% after 12 months — demonstrates that ongoing, effective training leads to lasting behavior change and a substantial reduction in vulnerability to cybersecurity threats. This highlights the critical role of continuous education in building a stronger security culture within organizations, even in as little as three months. KnowBe4 analyzed 67.7 million phishing simulations globally, across 14.5 million users from 62.4 thousand organizations. The baseline PPP (33.1%) reflects an organization's susceptibility to phishing before any KnowBe4 training. Employees then undergo KnowBe4's SAT, and the PPP is recalculated after 90 days and again after one year-plus of ongoing training to quantify the program's effectiveness. Other Key Findings from the Phishing By Industry Benchmarking Report: Globally, the top three most at-risk industries with the highest baseline PPP were Healthcare & Pharmaceuticals (41.9%), Insurance (39.2%), and Retail & Wholesale (36.5%). 
Larger organizations faced a higher initial phishing risk, with those having 10,000+ employees showing a global baseline PPP of 40.5%, compared to 24.6% for organizations with 1-250 employees. In organizations of 1,000-9,999 employees, three sectors all achieved PPP improvement rates of 91% after 12 months of on-going training: Healthcare & Pharmaceuticals, Hospitality and Legal. Across the different regions, the highest baseline PPPs were found in South America (39.1%), North America (37.1%), and Australia and New Zealand (36.8%). "The data speaks for itself — security awareness training truly makes a difference," said Stu Sjouwerman, CEO of KnowBe4. "From 2024 to 2025, the general trend has remained fairly consistent — around one-third of employees click on a simulated phishing link before taking part in training. However, the data shows a slight improvement in 2025. Within a year, we've seen a 3.5% decrease in the global baseline PPP, highlighting a positive shift in overall security awareness worldwide. However, there is still significant progress to be made in fully addressing phishing risks. By consistently prioritizing relevant and engaging training, combined with simulated phishing, organizations can strengthen their human risk management strategies and better protect against phishing to improve overall security culture." To download a copy of the Phishing by Industry Benchmarking Report 2025, visit here. About KnowBe4 KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. 
The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.

National Post
29-04-2025
- Business
- National Post
KnowBe4 Appoints Bryan Palma as President and CEO
TAMPA BAY, Fla. — KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, announced that cybersecurity industry veteran Bryan Palma has been appointed president and chief executive officer of KnowBe4, effective May 5. KnowBe4's founder and current chief executive officer Stu Sjouwerman has transitioned to the role of executive chairman. Palma is a highly regarded technology executive with over twenty-five years of experience and a proven track record of scaling global technology enterprises by driving profitable growth, improving customer experience, and delivering operational agility. Most recently, he was the chief executive officer of Trellix, a multi-billion dollar cybersecurity market leader formed through the merger of FireEye and McAfee Enterprise. Prior to joining Trellix, he guided some of the world's leading organizations through pivotal technology and business transformations including Cisco, Boeing, EDS, PepsiCo, and the US Secret Service. Palma earned a masters of business administration from Duke University's Fuqua School of Business, masters of education from the University of Maryland, and bachelor of arts from the University of Richmond. Palma serves on the President's National Security Telecommunications Advisory Committee and the CloudBees board of directors. 'KnowBe4 is an incredibly important company in the cybersecurity ecosystem and at the forefront of human risk management and artificial intelligence,' said Palma. 'I am humbled to join the company at such an important moment and accelerate the leadership position established by Stu and the team. I am looking forward to serving our global customers and proudly calling myself a Knowster.' 
Executive chairman, Stu Sjouwerman founded KnowBe4 over fifteen years ago and over the last two decades has led the company through multiple rounds of venture capital funding, executed key strategic acquisitions, successfully led a public offering, and grew KnowBe4 to serve over 70,000 customers. Sjouwerman said, 'As Founder of KnowBe4, I am grateful to contribute to the creation of a new market category focused on managing human risk and confidently leave KnowBe4 in the capable hands of Bryan.' As executive chairman, Sjouwerman will help guide KnowBe4's artificial intelligence innovation and work closely with Palma on the transition. KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.