Poor security culture accounts for three in four breaches.

Edward Gately, Senior News Editor

May 10, 2019

Security Roundup

Security culture was a big topic at this week’s KB4-CON, KnowBe4’s second annual user conference, which brought nearly 1,000 attendees to balmy Orlando, Florida.

KnowBe4 describes security culture as what happens with security when people are not being watched, and whether they are making smart security decisions. How difficult is security culture to gauge and change?

The topic was addressed by Kai Roer, co-founder and CEO of CLTRe, a Norway-based company that developed a framework and methodology of measuring culture as it relates to security. He gave a presentation on the topic during KB4-CON.

We spoke with Roer to learn more about security culture. He said everybody now is talking about security culture, but very few know what it actually means.


“According to our research, there are seven dimensions of security culture, or those parts of culture that influence security,” he said. “Those are attitudes, behaviors, communication, compliance, cognition, norms and responsibilities. Each of these dimensions are interconnected with each other, so if you change one of them, you will also influence the others.”

The good news is, if you change norms, that will have a direct impact on attitudes and behaviors, Roer said. The challenge has been how norms can be changed and “how can we do that in a controllable way,” he said.

“It’s the same with all of the dimensions,” he said. “How can we change communication, for example, in such a way that we get the results that we want?”

CLTRe’s assessment starts with a questionnaire given to all employees within an organization; the results are then analyzed to measure the organization’s security culture.

“What we do is ask very specific, tailored questions to, for example, figure out whether or not they keep a clean desk,” Roer said. “Our questions are designed in such a way that it’s reporting your own behavior, but it’s also reporting that behavior that you see in the organization. The reason we do that is social psychology, where you are more likely to reflect that behavior, those thoughts and ideas, of those of your peers, rather than hanging onto your own in that group. And when we are talking about culture, your own opinion and observations are really important.”

According to CLTRe, poor security culture accounts for three in four breaches. It can lead to such things as users being more susceptible to phishing attacks, unauthorized data sharing, and leaving their computer without first locking it.

Security awareness is a necessity, but to make it work across organizations and control it, “you need security culture, which encompasses behaviors, awareness, attitudes, norms, policies, all of those things, and then you get a platform like KnowBe4, which allows you to control and manage that culture across your organization,” Roer said.

Also at KB4-CON, Katie Brennan, KnowBe4’s technical content director, shared the most interesting phishes of the past year. Cybercriminals play on users’ emotions and use current events, whether political or natural disasters, to try to get users to click, she said.

“Anything can be weaponized,” she said.

KnowBe4’s phish alert button, which allows users to forward email threats to its security team for analysis and deletes the email from the user’s inbox, has been helpful in keeping its phishing template up to date, Brennan said.

“Over 3 million emails have been reviewed, we’ve received 10,000-12,000 reported emails every day,” she said. “It really helps us see the kind of attacks hitting users and trends. It’s doubled since last year, so it’s an exponential amount.”

Some companies don’t like phishing their users, but they have to in order to keep up with bad guys, Brennan said.

“After a baseline test, get everyone trained up and then continue phishing,” she said. “I like weekly phishing, but you can do bimonthly and monthly. With weekly, you’re really questioning every email you receive.”

Some of the latest threats include sextortion emails that now include real email addresses to make them look more authentic, Brennan said. Also, the bad guys are using file sharing to share malicious files with emails that have no red flags and look like authentic file share emails, she said.

“There’s also the man-in-the-middle variation,” she said. “The bad guys are being more targeted with attacks. They’re finding out what vendors you do business with, contacting your vendors and asking for a copy of your last invoice, saying they want to pay you, and they may respond with an actual invoice that includes the account number, amounts owed, and then they can target you. All would be identical to exactly what you owe.”

Proofpoint Shelling Out $120 Million for Meta Networks

Proofpoint is acquiring Meta Networks, an Israel-based startup that develops cloud-native security tools for enterprise wide area networks (WAN).

Proofpoint said the acquisition will strengthen its cloud-based architecture and people-centric security platform, allowing customers to better protect their people and the applications and data they access beyond the traditional perimeter. The deal is expected to close this quarter.

Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy, tells us the acquisition will add about 20 Meta Networks contributors to Proofpoint’s R&D center in Israel. “The Meta Networks sales, technical and channel initiatives will be integrated following the close,” he said.


“From a cloud perspective, our cloud access security broker (CASB) and email products help channel partners provide security teams with necessary visibility and control over cloud apps, to ensure cloud services are deployed with confidence,” he said. “The integration of Meta Networks’ cloud-based, zero-trust network access platform with Proofpoint’s CASB and web-isolation solutions will make it far simpler for enterprises to precisely control employee and contractor access to on-premises, cloud, and consumer applications and resources. This enables channel partners to help their customers ensure that an errant click that compromises a single user does not lead to a full-blown breach.”

“Protecting people and resources beyond the traditional perimeter is perhaps the most critical security requirement in the cloud era,” said Etay Bogner, Meta Networks’ founder and CEO. “Together with Proofpoint, we will continue to realize a security vision that adapts to the way both threats and infrastructure are moving: to the cloud. Proofpoint is at the forefront of this transformation and we are very excited to become a part of an incredible team.”

Exabeam Raises $75 Million to Continue Fighting Legacy Players

Exabeam has closed $75 million in Series E funding to accelerate its global efforts to displace legacy security management vendors like IBM, McAfee and Splunk.

The latest round is jointly led by new investor Sapphire Ventures and Lightspeed Venture Partners, which collectively have backed nearly 40 IPOs. Other existing investors also participated. The funds will be used for expanding sales reach, and to expedite new product features and configurations.

Chris Stewart, Exabeam’s senior director of business and corporate development, tells us the funding allows his company to “continually push out the most innovative and advanced technologies possible to power next-generation security operations centers (SOCs).”


“This gives our technology partners a platform that delivers enhanced integrations, which will ensure channel partners will gain new and highly effective resale opportunities,” he said. “We recently revamped our Exabeam Technology Alliance Partner Program (ETAPP), allowing us to build a better framework and mechanism for technology partners to integrate with. As our team executes on the R&D, this injection of capital will enable our channel partners to build out even more robust service offerings around our solutions and continue to have confidence that Exabeam will be the central security management platform for their customers.”

Legacy security information and event management (SIEM) providers are “outdated” and not built to handle the large amounts of data being processed on a daily basis, Stewart said. Legacy SIEM vendors are relying on humans and “antiquated” correlation methods, but a “more intelligent, modern solution is required to drill down on the most important data,” he said.

“Fundamentally, legacy SIEMs are destined to fail under the weight and complexity of today’s threat landscape,” he said. “Our partners recognize that our solutions give their end users the most advanced protection, while enabling their SOC analysts to work smarter and faster. The funding will fuel accelerated market expansion and further build out our global sales force and world-class partner network. This will aid us in expanding our reach worldwide and winning even more replacement deals against our ineffective and cost prohibitive competitors — aka the legacy SIEM providers.”

Mimecast Rolls Out New Service for Financial Services Organizations

Mimecast this week announced the availability of Mimecast Supervision, designed to help financial services organizations address supervisory compliance requirements.

Regulated financial services firms are required to establish supervisory policies and may also face periodic regulatory audits. At the same time, firms are spending too much time and money maintaining compliance, according to Mimecast.

Mimecast Supervision offers “a new level of efficiency” to the compliance review process for financial services organizations. Garth Landers, director of product marketing for the Mimecast Cloud Archive, tells us Mimecast Supervision will provide new opportunities for partners, particularly in financial services where regulatory requirements mandate the need for compliance supervision.


“Typically, the choice of a supervision application is tied to the archive platform as well, so there will be new opportunities where supervision might be driving the purchase,” he said. “However, the overall consideration of the platform, including e-discovery, backup, regulatory compliance and end user productivity, will play a factor as well. Financial services buyers tend to be thought leaders when it comes to archiving topics because of their mandatory regulatory obligations and governance events they face. And because of their requirements, demand a platform solution like Mimecast Cloud Archive. Mimecast Supervision will be a key door opener for partners looking to make an impact in that vertical.”

A key competitive advantage is the number of use cases Mimecast Cloud Archive supports in addition to supervision and the value that customers receive from a platform approach, Landers said.

“Looking at the functionality of Mimecast Supervision, no supervision offering today puts as much of a premium on enhancing the user’s productivity and efficiency; the product is very feature rich and in addition to reviewers, designed to give managers of the process the visibility and insights they need,” he said. “Finally, Mimecast Supervision is suitable for organizations of all sizes, including SMBs. Too often the archiving industry has put a mandatory minimum on the number of supervision users a vendor will support. Mimecast Supervision has no such limitations. There is a very underserved segment in smaller financial services firms seeking these capabilities.”

SolarWinds Beefs Up Portfolio with SentinelOne

SolarWinds has expanded its security portfolio with endpoint detection and response (EDR) through its partnership with SentinelOne.

This newest addition to the IT security portfolio aims to help MSPs prevent, detect and respond to the latest threats to customer endpoints with patented behavioral AI. The adoption of the SentinelOne platform provides SolarWinds partners with the ability to view threat and incident data to help keep customers ahead of threats – on most devices, virtual or physical, endpoint, server, or cloud – providing more visibility into suspicious activity and advanced attacks.

Daniel Bernard, SentinelOne’s chief marketing officer, tells us traditional antivirus (AV) has not kept pace with today’s range of fileless attacks and ransomware attacks.


“MSPs must offer solutions that meet the challenges of the threat landscape, or they risk losing customers — SolarWinds EDR goes beyond traditional AV by using behavioral and static AI to provide prevention, detection and response in a single, lightweight agent,” he said. “Endpoints are proactively protected and capable of patented autonomous remediation. SolarWinds EDR puts a SOC on each endpoint. SentinelOne’s technology provides MSPs with the competitive advantage of deploying cutting-edge cybersecurity used by the world’s largest enterprises — such tools have typically been out of reach of MSPs.”

SentinelOne not only raises the MSP’s level of prevention, detection and response, but also increases the cybersecurity literacy of the MSP and MSSP community, Bernard said.


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
