A good security stack deserves a good security culture (Stu Sjouwerman, KnowBe4)
Manage episode 417326042 series 3571695
The human is often seen as the weak link in cybersecurity. You can have all the security tooling in the world, but if attackers target people they can still get in. People in general, so also employees of organizations, need to be made aware of how to spot these types of attacks. In other words, we need Human Detection and Response, i.e. HDR just as much as we need MDR and XDR.
KnowBe4 has been founded to address the challenges organizations have with educating their workforce on cybersecurity. During RSA Conference 2024, we sat down with founder and CEO Stu Sjouwerman.
We discuss the current state of affairs in security awareness inside organizations. A central theme for KnowBe4 nowadays is something they call adaptive human risk management. This is the foundation for a risk-based approach to cybersecurity through a human lens. You could see this as an extension of the many examples of risk-based cybersecurity approaches you can find in other areas of cybersecurity. The idea is to create a healthy security culture, alongside a good security stack.
There's more to it than security awareness training
We don't really discuss 'traditional' security awareness training all that much during our conversation. That's more or less table stakes now, even though there's still room for improvement on that front. However, KnowBe4 is also looking into new areas. Its acquisition of Egress is a clear example of this. Egress is a company that focuses on e-mail security. There already was a tight integration between the two players, which will become even tighter after the acquisition.
The fact that KnowBe4 ventures into the area of e-mail security may seem a bit strange at first sight. After all, KnowBe4 never was a 'traditional' security technology company, right? But if you factor into the equation that e-mail security is still the number one attack vector and that there a very strong human element to it, it actually makes perfect sense.
At the end of our conversation, we also touch on the role AI plays and is going to play in cybersecurity from a security awareness perspective. We zoom in on the rise of deepfakes. These keep getting better and better, so are harder and harder to detect for humans at the other end of them. Sjouwerman recognizes this is going to be a serious challenge, but he's also rather optimistic that common sense (and some technology of course) will eventually win this battle too.
We hope you enjoy this new episode of Techzine Talks on Tour.
Chapters
1. Security Training and Human Risk Management (00:00:00)
2. Future of Cybersecurity (00:16:23)
20 episodes