KnowBe4 Says Security Training Will Beat Technology in Race to Provide Better Security World

Share Article

Antivirus software has been proven to be ineffective in defending against cyberattacks; Internet security firm KnowBe4 says implementing security training for employees and others is the best defense against cybercrime and will win out over technology in beating it.


Antivirus software simply cannot keep up with the continuous growth of malware

With the constant of evolution of technology today, the idea of defending cyberattacks from trained hackers can be a daunting task for business owners and individuals alike. In 2011, corporations and consumers spent a combined total of over $7.4 billion on antivirus software, and yet cybercrime is still on the rise (1). Security awareness training firm, KnowBe4, says companies should not focus only on antivirus software, but instead implement security training for their staff to decrease the risk of security breaches, as antivirus software simply cannot keep up with the continuous growth of malware.

When hackers attempt to invade a business, they will use an approach that antivirus software will likely miss, which is why cybercriminals often succeed despite the presence of malware protection. Cybercriminals are intelligent enough to test their attacks against popular antivirus products before putting them to use, with Web sites that even allow Trojan programs or viruses to be tested for effectiveness (2). When new attacks pop up on the Internet, it’s common for them to evade antivirus detection and make their way directly into your business—the weakness being the human link, not a technology issue.

KnowBe4 CEO Stu Sjouwerman insists that security training will always beat the antivirus software in the long run, because it is a defensive measure rather than just preventative. Sjouwerman provides three reasons why security training is the constant victor in the fight against cybercrime:

1.It’s a Game of Chess and the Bad Guys Have the Advantage.

a.Cybercriminals by now have gone “pro,” and wield enormous resources in both money and brainpower. Most people think that the latest technology is always more secure, but the opposite is often true. New code and/or devices are barely out of beta, often still full of bugs, and essentially ineffective against malware.

2.The End User is the Weak Link in IT Security

a.The hackers go after your employees, because they are the low-hanging fruit that is easy to trick with social engineering scams. Employees are likely to unknowingly open a virus and completely expose your business to threat.

3.Antivirus Software is Reactive and Cannot Keep Up.

a.On average, it takes between six to 12 hours before antivirus software updates itself and blocks known sites that host malware or send phishing scams. Six hours is an eternity on the Internet, and the bad guys have sent their phishing attacks, gotten their cyber-loot and run away to safety in those six hours. Being trained on the 22 Social Engineering email Red Flags (TM) is a must to prevent this, as existing technology simply will not help until it’s too late.

Sjouwerman insists that companies must take a different approach when defending against cyberattacks, because depending on antivirus software to do the job can be extremely detrimental.

Case in point: In 2010, the Treasury Credit Union—a financial facility servicing federal employees and the families of the U.S. Treasury Department personnel in Utah—was hacked. The criminals infiltrated the bank’s computer system, and approximately 70 wire transfers were made from one of the bank’s own accounts. The transfers were made in low-increment amounts of under $5,000 to money mules, totaling in the low six figures. This was accomplished despite the fact that the computer and network were well-protected by antivirus software.

Sjouwerman asserts that learning how attackers are working and then changing your business to thwart common attack techniques is a better investment than any antivirus software on the market.

“Antivirus software simply cannot keep up with the continuous growth of malware,” commented Sjouwerman. “Cybercrime prevention training has proven to work, and reduces the chances of a successful cyberattack.”

Sjouwerman says the best defense is to be trained by a former hacker. KnowBe4 offers the highly advanced Kevin Mitnick Security Awareness Training program, designed to help organizations defend against even the most advanced network security breaches.

For more information, visit KnowBe4 online at

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. He and his colleagues work with companies in many different industries, including highly-regulated fields such as healthcare, finance and insurance. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

1.Perlroth, Nicole. “Outmaneuvered, Antivirus Makers Refine Techniques.” The New York Times, 31 Dec. 2012. Web. 31 Mar. 2013.

2.McMillan, Robert. “Is Antivirus Software a Waste of Money?” Conde Nast Digital, 2 Mar. 2012. Web. 31 Mar. 2013.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Alyssa Kaplan
Email >
Visit website