Item: KnowBe4 Security Awareness Training
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

KnowBe4 Security Awareness Training is used across our whole organization. We have over 1,000 employees as well as 10,000+ freelance software testers online, and the solution has helped us improve information security awareness and posture. More specifically, we have significantly reduced our exposure to malicious code through various online attack vectors, with email being the primary culprit.

Pros and Cons

Continuous reinforcement and training
One-click campaigns
Detailed dashboard and reporting options
Simple and intuitive interface

Extension of supported platforms into online collaboration suites (e.g., Teams) and professional networking services (e.g., LinkedIn)
More niche advice such as what to do when your LinkedIn profile has been cloned
Advice on integrating security training performance with individual employee performance appraisal

Return on Investment

Reduced IT security training budget by 54%
Provided key metrics on IT security to improve our compliance efforts
Made IT security fun and engaging to all employees throughout the company

Alternatives Considered

SANS Advanced Cybersecurity Learning Platform and PhishProtection

SANS was too heavy handed and too intensive for the average user in the company. PhishProtection dealt with the narrow domain of phishing attacks only. We chose KnowBe4 for its ease of use and accessibility, not only for the IT security team but based on overall level of engagement from all of our user base. It also covers much more than just phishing attacks and provided better protection of all IT security domains.

KnowBe4 Training Content

It has raised the profile and awareness of IT security throughout the company. Certain employees developed their own gamification based on regular touch points and interactions from our implementation of KnowBe4 Security Awareness Training. There is an informal competition to see who can score the highest and drinks at the pub are on offer!

KnowBe4 User Management

We use standard best-practice administration principles. Users are assigned to groups with roles that have certain pre-defined permissions. Changes in permissions will be carried out on defined roles and pushed down to groups and individual users. Access control should never list individual users, only groups. Permissions may change over time through roles.

KnowBe4 Reporting

Metrics that help us with our compliance stance, such as GDPR in the UK and Europe and SOX in the U.S. KnowBe4's Compliance Audit Readiness Assessment (CARA) has been invaluable and together with constantly updated metrics from KnowBe4 Security Awareness Training underpins our efforts to demonstrate compliance with various requirements such as GDPR, SOX, and so on.

Likelihood to Recommend

For medium to large companies where the majority of your employees are working distributed online in a collaborative manner, KnowBe4 Security Awareness Training is essential to mitigate employee mistakes clicking on that interesting or enticing link, which may have devastating consequences. We use Microsoft 365 and on a daily basis are getting multiple impersonation and phising attacks; it seems Microsoft is unable to do anything about this, so KnowBe4 has stepped up to fill the gap.

User Provisioning

We use SSO with Google Workspace (formerly G Suite or Google Apps) and the SSO integrations has allowed us to automate most new user provisioning tasks, as well as plan, manage, track and report on cloud accounts security training and compliance. Many other larger enterprises with numerous SSO systems in place will find this feature invaluable as well.

AI-Driven Phishing & Training

Advanced algorithm driven personalised training (I wouldn't go so far as to label it as AI yet) has enabled us to automate many of the planning, design, implementation and reporting of ongoing cloud security training initiatives. Using flexible templates the algorithms have been able to customise training delivery on the fly, based on training requirements and the unique personal preferences of the user base collected from online behaviour, usage times and application profiles.

Usability

We have trialled a couple of other solutions similar to KnowBe4, mostly partners of Microsoft 365 but have found them wanting in terms of features, functionality, ease of use, flexibility and agility for new and emerging information security threats and user training mitigation strategies. For now and we can't see this changing in the next few years, KnowBe4 stands clearly head and shoulders above its peers in this space.

Security Awareness Training with PhishER

There is a separate pilot project looking at this but this has not been widely implemented to all our user base yet. Depending on the progress of the pilot, we may be rolling it out end of this year around Q4 2021 time frame. The concept is great and we love it, but we are wary how the user base would respond as we are knowingly testing them with real world phishing content - albeit with malware payloads removed. There is a building consensus in our use base that we should be protecting them from active threats and not "trick" them into clicking on malware links.

Be prepared with KnowBe4 Security Awareness Training

Overall Satisfaction with KnowBe4 Security Awareness Training