Meet unicorn cybersecurity startup KnowBe4, which has a trickster CEO, a legendary felon as its 'chief hacking officer,' and a rumored IPO on the horizon
- Cybersecurity startup KnowBe4 is reportedly preparing for an IPO.
- The company sells cybersecurity training and tries to trick its customers' employees into clicking on fake emails and phony social media notifications.
- This kind of training is more important than ever as remote work has left employees particularly susceptible to social engineering attacks, as evidenced by a hack on Twitter and other attacks.
Cybersecurity training startup KnowBe4 is anything but dull: It has a rumored initial public offering on the horizon and a legendary, convicted-felon hacker helping to lead the company, and it routinely catfishes its paying customers.
Its eccentric tactics come in handy, because training employees on safe cybersecurity practices has never been more important than it is now with millions of people working remotely, far from the oversight of IT staff.
There are lots of interesting things about KnowBe4, beginning with its possible public offering ahead. A mammoth, $309 million private equity funding round in June 2019 gave KnowBe4 a billion-dollar valuation, and the 1,000-employee Florida firm is readying itself for an IPO, Reuters reported earlier this month.
KnowBe4 tries to trick its customers with social engineering ploys – enticing employees to click on malicious links or provide access to company data and systems – then follows that deception with interactive training in a dizzying variety of formats. "Some people like animation, some people like to walk through slideshows, some people like live-action. We've got all that," says Sjouwerman. All of its trainings seek to avoid jargon and pique interest with challenges and games.
The one-two punch of trickery and engagement is a stark contrast from the typical, plodding security training, KnowBe4's chief says.
"Security awareness training in the past was essentially: Herd everyone into the break room, keep them awake with coffee and donuts, and then it's death by PowerPoint," says Sjouwerman. "They tend to use all kinds of technical terms where your average employee immediately shuts down and falls asleep."
The cybersecurity industry routinely discusses terms like "homomorphic encryption standardization" (rules for working with computer code that is not visible for security reasons), and "multi-vector attack surface" (places where companies are vulnerable to hackers). Sjouwerman says that's more than just a turn-off to average workers: it endangers them. "The amount that this industry throws around acronyms and jargon is one of the issues that causes people to not understand their own risks," he says.
Perhaps the least-boring thing KnowBe4 has done – which is saying a lot considering it often opens presentations with card tricks – is hiring a legendary hacker and convicted felon as a top executive.
Kevin Mitnick, once considered the world's most famous hacker, spent five years in prison for fraud. He claims the sentence was as long as it was because the US was afraid he could launch a nuclear war by "whistling into a payphone" to hack servers triggered by sounds.
Now a
"It gives us instant credibility. You have a thought-leader who used to be a digital delinquent himself, went to jail, turned his life around," says Sjouwerman. "Kevin is my business partner. I gave him half the company. I had the choice between owning 100% of a muffin or owning 50% of a really large pie. I chose the pie."
KnowBe4 has a big piece of the cybersecurity training pie, with other smaller
KnowBe4 helps its customers test employees by leaving thumb drives with enticing names in their work stations, or sending them what seem to be social media notifications that are actually phishing lures such as criminals use to capture employees' data.
"Bad guys can hack hardware, and that's like three months worth of work. They can hack software, which is maybe three weeks. Or they can hack humans, which takes three minutes."
Sjouwerman walks the walk when it comes to social engineering. After an interview with Business Insider, he craftily sent an email that "spoofed" the reporter's email address, so it looked like the reporter sent it.