KnowBe4, a provider of security awareness training (SAT) and simulated phishing platform, has announced the acquisition of CLTRe - pronounced “Culture”- a Norwegian company focused on helping organisations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year. Cybersecurity and cyber threat mitigation The finance industry demonstrated an overall healthy improvement in culture from 2017 According to the 2018 Cybersecurity Culture Report, 95 percent of organisations see a gap between their current and desired organisational cybersecurity culture. With 94 percent of malware being delivered via email (2019 DBIR), it’s clear that working with users to minimise cyber risk and improve security culture is key. The 2018 Security Culture Report shows the value of being able to measure culture, helping organisations to demonstrate the effectiveness of their organisational security controls, as required by GDPR, CCPA and other regulations. Interestingly, the finance industry demonstrated an overall healthy improvement in culture from 2017 while the real estate industry showed a decline. CLTRe Toolkit and Security Culture Framework CLTRe created the CLTRe Toolkit and the Security Culture Framework, which work in tandem to help organisations gather evidence about their current security culture and how it changes over time. The acquisition of CLTRe is advantageous for both KnowBe4 and CLTRe clients; KnowBe4 users will gain access to a research-driven measurement platform to show how their security culture program matures over time. And CLTRe clients will be introduced to the industry’s most progressive and easiest-to-use SAT and simulated phishing platform to help educate users and change their behaviour. CLTRe measures the seven dimensions of security culture: behaviour, responsibilities, cognition, norms, compliance, communication and attitudes. Quotes by industry experts: Stu Sjouwerman, CEO, KnowBe4 “Today’s announcement brings KnowBe4 very valuable tools to help our customers measure what matters – their security culture – so they can make decisions about how to improve. We’re excited to welcome Kai and the CLTRe team to the KnowBe4 family and to enhance our European presence while supporting more global customers.” Kai Roer, CEO, CLTRe “KnowBe4 is a leader in innovation and has a wonderful track record for growing quickly but with a very specific focus on improving security at the human-level. This is a natural fit for our evidence-based analytics and measurement tools, as KnowBe4 customers will now be able to measure their security cultures, benchmark against their industry sectors, and pinpoint exactly what kind of security culture they have. With KnowBe4 and CLTRe, organisations can gain true insight into their security culture, improve their security with pinpoint accuracy, report their progress to their board of directors, and educate their users to make smarter security decisions.” Perry Carpenter, Chief Evangelist & Strategy Officer, KnowBe4 “From my former life as a Gartner analyst, I have a strong appreciation for evidence over opinion, which is what CLTRe gives to its clients in the form of a data-driven examination of their security culture. To change user behaviour and address awareness, we have to understand and change security culture. CLTRe gives organisations the tools to understand where they are today so they can get to where they want to go tomorrow.” Espen Otterstad, CISO at Abax (CLTRe customer) “Our work with CLTRe has been important to helping us gauge the maturity of our security culture over time. Now that CLTRe is part of KnowBe4, we have a very real way to advance the maturity of our program and test the knowledge of our user’s understanding via KnowBe4’s fresh content, engaging trainings and simulated phishing tests. The combination of CLTRe and KnowBe4 means that we can improve security within our organisation through training and phishing tests and manage our security culture program while proving ROI.”
KnowBe4, provider of the world’s largest security awareness training and simulated phishing platform, announced the results of an independent survey, which found that an overwhelming majority of corporations – 96% – say security awareness training improved their corporate security culture. Further, an 86% majority of respondents say the training lowers the overall risk posed by cyber security scams. These are the findings of the KnowBe4 2018 Security Awareness Training Deployment and Trends Survey, an independent web-based survey that polled 1,100 organisations worldwide in September 2018. The study queried organisations on the leading security threats and challenges facing their firms as cybersecurity attacks increase and intensify. Helping organisations in repelling hacks The survey data showed that security awareness training helps organisations recognise and repel hacks in a majority of instances"“Social engineering – such as phishing scams – now ranks as the number one cause of network hacks, and email is usually the chief culprit,” said Stu Sjouwerman, CEO, KnowBe4. “Security breaches disrupt productivity and put organisations, their data assets, intellectual property, employees and customers in danger. The survey data showed that security awareness training helps organisations recognise and repel hacks in a majority of instances.” The study also polled organisations on the initiatives they’re taking to more proactively combat the growing diversified and targeted cyber threats. The study found that 88% of respondents currently deploy security awareness training tools. The businesses report that security awareness training is an effective mechanism that has an immediate impact on minimising risk and positively changing employee culture. Other top survey findings include: Social engineering was the top cause of attacks, cited by 77% of respondents, followed by malware (44%); user error (27%) and a combination of the above (19%) and password attacks (17%). Some 84% of respondents said their organisations could quantify the decrease in successful social engineering attacks (e.g., phishing scams, malware, zero day, etc.) after deploying security awareness training to their end users after just a few simulated exercises. This is based on 700 anecdotal responses obtained from the essay comments and first-person interviews. On average, respondents reported that social engineering cyber hacks like phishing scams and malware declined significantly from a success rate of 40%-50% to zero to five percent after firms participated in several KnowBe4 security awareness training sessions. Almost three-quarters – 71% of survey participants – indicate their organisations proactively conduct simulated phishing attacks on a monthly, quarterly or weekly basis.