The Cost of Not Focusing on Security Culture
With 85% of data breaches being caused by social engineering or human error [2], it is clear that
organizations can't afford to neglect the importance of the human side of cybersecurity. Over the
past few years, there has been a meteoric rise in attacks seeking to bypass technology by targeting
humans. And it's working. Ransomware continues to make headlines due to large-scale attacks like
those that targeted Colonial Pipeline [3], JBS Foods [4], and Kaseya [5].
This trend only grows as technology-based defenses improve. Attackers are drawn to the path of
least resistance. They want to save time, effort, and cost. And because technology-based defenses
can be difficult to penetrate using technology-only attack methods, cybercriminals view employees
as the most attractive attack vector. Because of this, employees have become the de facto attack
vector of choice for cybercriminals. Their knowledge, beliefs, values, and behaviors will be the
difference between protection and breach. That's why focusing on security culture is so important.
An organization's employees are at the center of everything; they can either be easy prey, or they
can become an effective human layer of defense.
KnowBe4's Security Culture Expertise
KnowBe4 has more security culture experts and has invested more in the study of security culture
than any other vendor. For example, KnowBe4 employees Kai Roer, Perry Carpenter, and Joanna
Huisman are three of the world's most well-known and respected security culture experts. While at
Gartner, Perry and Joanna headed up Gartner's research efforts into security awareness, behavior
management, and culture. As part of that, they worked with thousands of CISOs and security
awareness leaders around the world, advised dozens of vendors, and spent hundreds of hours
reading and authoring research into these topics.
In 2019, KnowBe4 acquired CLTRe (pronounced 'culture'), a company founded by Kai Roer. Kai and
his team have been providing consulting services, studying, and creating tools and processes to
measure security culture for over a decade. During that time, Kai's Security Culture Framework
and Security Culture Survey have been adopted and actively used by organizations of all types
around the world. These tools have even been utilized and promoted by multiple governments and
governmental institutions.
Both Perry and Kai are award-winning authors on the topic of security culture. Perry's book,
"Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach
Us About Driving Secure Behaviors" (2019) was recently inducted into the Cybersecurity Canon Hall of
Fame, and Kai's book, "Build A Security Culture" (2015) has long been thought of as the go-to resource
for security professionals looking to gain greater control of their organization's security culture.
[2] https://www.verizon.com/business/resources/reports/2021/2021-data-breach-investigations-report.pdf
[3] https://www.cnn.com/2021/06/04/politics/colonial-pipeline-ransomware-attack-password/index.html
[4] https://www.reuters.com/technology/jbs-paid-11-mln-response-ransomware-attack-2021-06-09/
[5] https://www.csoonline.com/article/3626703/the-kaseya-ransomware-attack-a-timeline.html