SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Top risky security behaviours of employees revealed
Wed, 7th Jun 2023

Security awareness training and simulated phishing platform KnowBe4 has announced that its newest SecurityCoach product has revealed the top 10 risky behaviours that employees have engaged in on their work devices. 

SecurityCoach helps IT/security professionals to develop a strong security culture by enabling real-time security coaching of their users in response to risky security behaviour. Leveraging an organisation’s existing security stack, IT/security professionals can configure their real-time coaching campaigns to immediately deliver a SecurityTip to their users related to a detected event. 

KnowBe4 is a provider of a global security awareness training and simulated phishing platform, which is used by more than 60,000 organisations around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. 

Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defence.  

The top 10 risky employee behaviours that organisations have detected by integrating SecurityCoach with their existing security offerings are:

Entertainment domain/streaming services, Gaming website, Greymail, Adult website, Unauthorised or malicious application, Risky website detected, Unauthorised removable media, Sharing of personally identifiable information (PII), Cloud backup or cloud storage, Malicious email attachment opened.

The human factor is involved in 82% of data breaches, according to the 2022 Verizon Data Breach Investigations Report. However, according to IDC, less than 3% of IT spending is allocated to help secure the human layer. 

“With the proliferation of social engineering attacks, employees continue to be the biggest risk factor,” says Stu Sjouwerman, chief executive officer at KnowBe4. 

“However, with proper training and coaching, they can become a human firewall and your last line of defence. These findings from our new SecurityCoach product are definitely concerning and reiterate the importance of developing a strong security culture.”  

In April, KnowBe4 announced the launch of a free 30-day trial for the SecurityCoach product for those interested in experiencing a way to offer real-time security coaching to enhance security culture.

KnowBe4 integrates or partners with over 20 of the world's top cybersecurity platforms across Endpoint, Network, Identity, Cloud and Data Security.

SecurityCoach is KnowBe4's newest, first-of-its-kind product which offers real-time security coaching aimed at reducing risky behaviour. 

KnowBe4's SecurityCoach preview allowed organisations to set up their security vendor integrations and detect risky activity on their devices. The product can help combat the threat of social engineering techniques such as phishing, spear phishing and impersonation. Cybercriminals use these techniques to manipulate an organisation's employees in attempts to hack into their systems.