Latest news with #KnowBe4

Associated Press
a day ago
New KnowBe4 Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources
Security awareness training significantly lowers phishing vulnerability as understaffed state and local governments seek low-resource risk management

TAMPA BAY, Fla., May 27, 2025 /PRNewswire/ -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints.

The data reveals that despite being the third most-targeted sector by ransomware in 2023, over 80% of SLTT organizations operate with fewer than five employees dedicated to cybersecurity. This staffing shortage coincides with a dramatic increase in cyberattacks, as evidenced by a 313% rise in security incidents reported in the MS-ISAC's 2022 survey. The situation is worsened by the recent cut of $10 million in federal funding for the Center for Internet Security (CIS), which supports crucial information sharing networks for government agencies.

Human error, often exploited through social engineering, remains the most common entry point for cyberattacks in 70-90% of cases. The limited staffing and resources highlight the need for cost-effective and low-maintenance tools to support government entities. KnowBe4's 2025 Phishing by Industry Benchmarking Report found that a year of security awareness training can reduce an organization's phishing susceptibility from approximately 33.1% to just 4.1% after one year of implementation. These findings underscore that effective human risk management offers resource-constrained organizations a powerful and affordable defense against the rising tide of cyberthreats.

Key findings from the report:

'The data tells an alarming story about state and local government cybersecurity readiness,' said Erich Kron, Security Awareness Advocate at KnowBe4. 'As these organizations grapple with constrained budgets and outdated infrastructure, they remain prime targets for cybercriminals. The surge in ransomware attacks underscores the need to build a more resilient security culture. It's crucial to prioritize human risk management, which has proven to be a powerful tool to counteract these rising challenges.'

To download the 'State and Local Cybersecurity: Facing New Burdens Amid Rising Threats' report, visit here.

About KnowBe4

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.

Media Contact: Kathy Wattman, SVP of Public Relations, 727-474-9950

SOURCE KnowBe4 Inc.


Forbes
6 days ago
Five AI-Powered Threats Senior Leaders Should Be Aware Of
Perry Carpenter is Chief Human Risk Management Strategist for KnowBe4, a cybersecurity platform that addresses human risk management.

We're all too familiar with warnings about phishing scams, and they're still a security issue we need to be aware of. But there is a wide range of other concerns, beyond phishing, that should have your attention—and that you should be sharing with colleagues so they can collaborate with you to protect your company and assets.

We're moving into what I call the 'Exploitation Zone'—a widening gap between technological advancement and human adaptability. It is, admittedly, tough to keep up unless, like me, you're singularly focused on data security and staying on top of increasingly sophisticated ploys by bad actors to exploit your human nature.

Here are five AI-powered threats you need to understand and take steps to respond to.

It's not just emails we have to be worried about these days. Today's hackers can spoof more than email addresses. One of the quickly emerging scams is voice phishing, or vishing. Just last year, we saw a 442% increase in vishing attacks between the first and second half of 2024, according to CrowdStrike.

Using publicly available voice snippets they can access via earnings calls, podcasts, video calls or media interviews, cybercriminals are able to create hard-to-detect voice clones. This can take the form of a frantic call from a 'grandchild' to a grandparent asking for money to help get them out of a jam. It can also take the form of a demanding call from a 'CEO' to release funds through a bank transfer.

Suggestion: Put steps in place to verify any requests for financial transactions, especially those received via calls or voice messages; consider using authentication questions that only legitimate business representatives would know.

Since the pandemic, it's not unusual for many types of meetings to take place in a virtual environment. That includes board meetings. When your board members are participating virtually, there's a chance for manipulation by bad actors. That's not just the stuff of science fiction. Deepfakes have already been used to influence critical business decisions or access sensitive information. A U.S. judicial panel has even considered how deepfakes could disrupt legal trials.

Chances are that images and video clips of your board members and senior leaders exist. All cybercriminals need to do is get access to a few seconds of a voice recording, video, or sometimes even a single image and use generative AI tools to create audio and video that most people won't be able to discern from the real. Think I'm exaggerating? You can see me demoing the tools and tactics here.

Suggestion: Make sure you're using authentication to protect the security of any video calls. Implement multifactor authentication and establish verification procedures that involve different communication channels. And also, similar to the suggestion for No. 1, consider creating safe words or a verbal challenge/response procedure.

In 2023, a fake, likely AI-generated photo of an alleged explosion near the Pentagon briefly caused the S&P 500 to drop.

Suggestion: Develop crisis response plans to address the potential for synthetic media attacks, including rapid verification channels that can be used with targeted news outlets and financial partners.

Imagine a disgruntled employee using AI voice cloning to generate a fake audio recording of their CEO making discriminatory remarks. Or, picture an AI-generated video showing a senior-level official involved in questionable activities. It's all too possible with the rise of AI-generated content that is now literally at the fingertips of anyone with an axe to grind. Even when these attempts are proven to be false, the damage remains. It used to be true that 'seeing is believing.' That's still true, but what we're seeing may not be actually believable.
Suggestion: Be aggressive in monitoring digital channels for synthetic content related to your organization and your key executives, board members and other representatives. Have rapid response plans in place to address any incidents that occur, and be prepared to provide evidence of manipulation.

Large language models (LLMs) are the foundational technology behind many generative AI tools. While LLMs themselves don't access real-time information, threat actors can leverage these tools—often in combination with publicly available data about your organization—to craft hyper-personalized phishing campaigns and social engineering attacks. These messages can closely mimic the tone and style of internal communications, making it increasingly difficult for recipients to distinguish between legitimate and malicious content.

In a now widely reported incident, what was likely a combination of voice cloning and video deepfakes was used to convince an employee at a multinational firm in Hong Kong to pay out $25 million. After participating in what turned out to be a fake, multi-person video conference call, and despite some initial misgivings, the employee did as requested.

Suggestion: Train staff members to recognize the warning signs of AI-enabled impersonation, such as limited interaction or refusal to answer unexpected questions. And encourage them to trust their gut. If something feels off, it probably is, and they should pursue additional verification options.

Repeated exposure to information and examples of the many ways bad actors are attempting to infiltrate and influence organizations and employees can help keep the threats top-of-mind and help minimize the chances of falling prey to these attacks.

Associated Press
6 days ago
Stay Cyber-Safe This Summer With the Top 7 Cybersecurity Travel Tips From KnowBe4
KnowBe4 shares cybersecurity tips for travelers to protect their information during summer trips

TAMPA BAY, Fla., May 22, 2025 /PRNewswire/ -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today offered key travel safety tips tailored to address cybersecurity threats targeting travelers this summer.

As travelers prepare for their summer getaways, cybercriminals look for ways to exploit security gaps in travel plans. The increase in social engineering scams, public WiFi vulnerabilities and emerging mobile device threats highlights the critical need for proactive protection measures. KnowBe4 is offering advice to help travelers lower their cyber risk exposure while on vacation.

KnowBe4's top seven summer travel cybersecurity tips include:

'No matter how far we travel, cybercriminals remain closer than we think,' said Erich Kron, Security Awareness Advocate at KnowBe4. 'While it's easy to let your guard down during a trip, keeping cybersecurity at the forefront can prevent your vacation from being derailed by scams or cyberattacks. With these holiday tips, KnowBe4 aims to equip travelers with practical tools and actionable knowledge to navigate today's digital landscape securely.'

For more information on KnowBe4, visit

SOURCE KnowBe4 Inc.


Forbes
21-05-2025
Meta And PayPal Users Warned Of Instant Account Takeover Attack
Beware this instant account takeover attack.

Oh boy, here we go again: another hacking campaign that security experts say is surging, and this one can see your Meta or PayPal account compromised in real-time and almost instantly. While attacks against the Meta family, such as the newly reported automated checker threat to Instagram users, or the 48-hour security alert targeting PayPal accounts, are not uncommon, this latest one is particularly alarming given the delivery method and the speed at which it can strike. The campaign combines everything from polymorphic identifiers, advanced man‑in‑the‑middle proxy mechanisms and two-factor authentication bypass techniques into one razor-sharp threat. A threat that can harvest your password and 2FA codes, compromising your account in a heartbeat. Here's what you need to know.

I have been given an advance look at a new report to be published by KnowBe4 on May 23 and permission to warn my readers ahead of that date, as the threat is really rather alarming. If you will excuse the Joker reference, why so serious? The dangerous attack is, I am reliably informed, surging for one. For a second, it's being described as one of the most sophisticated Meta-themed phishing campaigns ever, courtesy of its ability to take over an account almost instantly. Thirdly, the emails that are being deployed in this campaign are sent using a legitimate Google-owned domain. And fourthly, in just a single day, KnowBe4 has confirmed that 11% of all the global email threats it neutralised were sent from this domain, and 98% of them impersonated Meta, the remainder impersonated PayPal.

The KnowBe4 Threat Labs report will be worth a read in full on Friday, but here's my advance TL;DR version.
The phishing threat is exploiting Google's AppSheet platform, its workflow automation processes enabling the attackers to not only operate at scale, but use a trusted and legitimate domain, noreply@ so as to bypass protections relying upon strict domain authentication and reputation checks. Although the vast majority of the campaign emails were impersonating Meta, a small percentage also targeted PayPal users.

It should come as absolutely no surprise that urgent warnings about account security are employed by the attackers, leveraging fear of compromise to, oh, the horrible irony, enable account compromise. The aim is to get the reader to click a malicious 'submit an appeal' link. If they do, then they are redirected to the guts of the hacking campaign, where passwords and 2FA codes can be stolen.

A double-prompt is also used, with the fake site falsely claiming the first attempt was incorrect. KnowBe4 said that this is to encourage accurate entry of credentials, introduce confusion to impact critical thinking and allow the attacker to compare both inputs for added validity.

I have reached out to Google, Meta and PayPal for a statement.

Zawya
19-05-2025
The Digital Divide's Dark Side: Cybersecurity in African Higher Education (By Anna Collard)
By Anna Collard, SVP Content Strategy & Evangelist, KnowBe4 Africa

The digital revolution is transforming African education, with universities embracing online learning and digital systems. However, this progress brings a crucial challenge: cybersecurity. Are African higher education institutions (HEIs) prepared for the escalating cyber threats?

The Growing Threat Landscape

African HEIs are increasingly targeted by cybercriminals. Microsoft's Cyber Signals report highlights education as the third most targeted sector globally, with Africa being a particularly vulnerable region. Incidents like the theft of sensitive data at Tshwane University of Technology (TUT) and the hacking of a master's degree platform at Abdelmalek Essaadi University in Morocco demonstrate the reality of these threats.

Several factors contribute to HEI vulnerability. Universities hold vast amounts of sensitive data, including student records, research, and intellectual property. Their open nature, with diverse users and international collaborations, creates weaknesses, especially in email systems. Limited resources, legacy systems, and a lack of awareness further exacerbate these issues.

Examples of Cyber Threats in African Education

Educational institutions have fallen prey to social engineering and spoofing attacks. For example, universities in Mpumalanga and schools in the Eastern Cape have been notably victimised by cybercriminals using link-based ransomware attacks, with some institutions being locked out of their data for over a year. Earlier this year, the KwaZulu-Natal Department of Education warned against a cybercriminal scamming job seekers by falsely promising teaching posts in exchange for money and using photos with officials to appear legitimate.
Strategies for Strengthening Cybersecurity

African HEIs can take actionable steps to strengthen their cyber defenses:

- Establish Clear Policies: Define roles, responsibilities, and data security protocols
- Provide Regular Training: Educate educators, administrators, and students to improve cyber hygiene and security culture
- Implement Secure Access Management: Enforce multi-factor authentication (MFA) and secure login practices
- Invest in Secure Technology Infrastructure: Include encrypted data storage, secure internet connections, and reliable software updates
- Leverage AI and Advanced Technologies: AI can be utilised to enhance threat detection and enable real-time responses. Consider centralising tech setups for better monitoring
- Adopt Comprehensive Cybersecurity Frameworks: Follow guidelines like those from the National Institute of Standards and Technology (NIST) and encourage phishing-resistant MFA, reducing hacking risks by over 99.9%
- Human Risk Management as a Priority: Focus on security awareness training, that includes simulated phishing, and real-time interventions to change behaviour and mitigate human risk

Moving Forward

The cybersecurity challenges facing African HEIs are significant but not impossible. By adopting a human risk approach and acknowledging threats, implementing strong security measures, and fostering a positive security culture, we can protect institutions and ensure a secure digital learning environment. A collective effort involving institutions, governments, cybersecurity experts, and technology providers is crucial to safeguard the future of education in Africa.

As part of efforts to strengthen cybersecurity awareness in the education sector, KnowBe4 offers a Student Edition—a version of its platform tailored to the unique needs of educational institutions, providing age-appropriate, relevant security content and training solutions. This initiative is guided by an Advisory Council of global universities, including Nelson Mandela University in South Africa, ensuring the content remains practical, culturally relevant, and aligned with the realities of student life.

Distributed by APO Group on behalf of KnowBe4.