KnowBe4 Continues Strategic M&A, Beefs Up Services

(Pictured above: KnowBe4 CEO Stu Sjouwerman at the company’s KB4-CON event in Orlando, Florida, May 9.)

KNOWBE4 KB4-CON — KnowBe4 is leaving its competition in the dust, racking up more than 25,000 customers, 24 straight quarters of uninterrupted growth and a new investment partner in KKR.

That’s what Stu Sjouwerman, KnowBe4’s CEO, told attendees at the start of this week’s KB4-CON, the company’s second-annual user conference, in Orlando, Florida. Attendance has more than tripled from about 300 last year to nearly 1,000 at the current conference.

KnowBe4 provides security awareness training and simulated phishing.

“We have hundreds of MSPs or MSSPs that write us into their rollout,” he said. “For these types of organizations, it’s quite a good deal because on one hand you can charge a little more, but your costs are going down because … it saves time.”

KnowBe4 is continuing its acquisition strategy by acquiring El Pescador, the first Brazilian platform to conduct simulations of phishing attacks and security awareness training, and a soon-to-be announced acquisition of a company that’s focused on security culture, he said.

“This technology will give you insight into those dimensions of security culture (behavior, cognition, communication, compliance, norms, responsibility and attitude), how to compare and improve them,” Sjouwerman said. “In order to permanently change your organization’s risk profile, it’s important to build full security culture.”

In December, KnowBe4 launched its PhishER platform, designed to help security teams analyze, prioritize and manage email that has been reported as suspect by employees. It also has launched new live action security training series, and its training will be translated to 32 different languages this year, Sjouwerman said.

“There [are] still a whole bunch of things that haven’t changed,” he said. “We’re still confronted with problems. Antivirus is less and less relevant … your email filters are still letting through malicious emails … and every malicious email that gets through is too much. Ransomware is still a major threat, focusing on in businesses and non-profits … nothing is sacred.”

Sjouwerman also pointed to the latest Verizon Data Breach Investigations Report (DBIR), which highlights the increasing threat of financially motivated social engineering. CEO fraud is so rampant that the report created a new category for it, he said.

“The percentage of state-affiliated actors is climbing and catching up with organized crime,” he said.

One glimmer of hope in the report is phishing security vendors like KnowBe4 are making progress in preventing phishing attacks from being successful, Sjouwerman said.

“You have to note that your cybersecurity insurance policies very often don’t cover incidents caused by social engineering or cap at a very low amount,” he said. “So go back, look at your policies and negotiate additional riders.”

Perry Carpenter, KnowBe4’s chief evangelist and strategy officer, said “we’re in it to support the partners” and the channel is really good for a company like his.

“They’re kind of betting on a losing horse if they going with other vendors,” he said. “The gap between where we are and they are is …