KNOWBE4, INC.
CLEARWATER, FLORIDA

Today, we are announcing a Q1 2018 year-over-year sales increase of 191%, bringing us to well over 17,000 customers worldwide. You and your team have made my life much better in dealing with employee awareness. It is very appreciated and has given us boost up with our regulatory requirements and preventative measures. I love KnowBe4 and if you ever need a reference, feel free to have people contact me. I have been enjoying your product a lot. I also love the brief updates about news and issues from Stu every so often. It helps to keep me informed and aware of any potential threats. We have been using KnowBe4 for a few years now and we are very happy with the service. We love the new features that you have added to the phishing campaigns. We love your products. We are happy with using your service. Thank you. I am a very happy camper, thanks to your excellent and entertaining Kevin Mitnick Security training program, and to our account Rep. Sean Ness, we are loving your product. Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! company, so our infrastructure was built from the ground up to have a secure, and fault-tolerant cloud-based infrastructure. KnowBe4 was PCI compliant from day one. Regarding the Phishing Security Tests, the data we store consists only of email addresses, and what this address has clicked on. No other data gets stored, and KnowBe4 has done everything to be secure, scalable and reliable. As the phishing tests only use standard email/web protocols, and do not include any actual malware, KnowBe4 phishing tests will not introduce any vulnerabilities into your systems. KnowBe4 complies with the EU Protection of Personal Data Directive as set forth by the Directive 95/46/EC Article 29 Working Party. KnowBe4 operates a separate instance of its application in an EU datacenter for customers wishing to have their data reside within an EU approved country. Some data subprocessors in use by KnowBe4 only offer services within the US. A listing of these subprocessors can be provided upon signing a mutual non-disclosure agreement. Any requests from users of the KnowBe4 applications who seek access, or who seek to correct, amend, or delete inaccurate data may do so directly by logging in to the appropriate application or by contacting the KnowBe4 application administrator for their organization. A study of one-hundred-thirty companies by Varonis finds that two related problems remain widespread in corporate networks. First, many businesses seem to have difficulty following the least privilege best practice. That is, they leave on average 21% of their folders accessible to everyone. Second, they leave a large number of inactive, "ghost user" accounts on their systems. It came to light on April 1st that two retailers owned by the Hudson's Bay Company, Lord & Taylor and Saks, were breached. On March 29th the JokerStash "hacking syndicate," which is also known as "Fin7" began offering the first tranche of what are believed to be more than 5 million payment cards for sale on the dark web. 125 thousand records have been released for sale so far. The rest are expected to appear on the block within the next few months. The Hudson's Bay Company says it's addressed issues with network security and continues to investigate. The retailer will offer customers whose paycard data were lost the customary post-breach help, including identity-protection and credit-monitoring services. How the criminals accessed the accounts remains under investigation, but it appears to have been a phishing expedition. Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning? KnowBe4’s Phish Alert add-in button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! This is a great way to better manage the problem of social engineering. Compliments of KnowBe4! https://info.knowbe4.com/phish-alert-chn One journalist found her academic vanity flattered and fell for the social engineering. Encourage your employees to think about how they might be vulnerable, and help them arm themselves in advance with the kind of healthy skepticism realistic anti-phishing training can help develop. WIRED has an interesting first-person story: Watering hole attacks are a form of social engineering that fell out of favor over the last two years. But it's back, according to researchers at Morphisec, and you should help your employees recognize it. In a watering hole attack criminals load a website with malware designed to infect visitors with a malicious payload. Others are built from the ground up by attackers to draw their most desirable marks into the watering hole. The most common infection vector has been a Flash vulnerability. The criminals who operate watering holes will often take advantage of the fact that the patching cycle in most businesses can typically be as long as six weeks. Once the exploits are addressed, that attackers move onto another one. Many watering holes take advantage of the same kinds of gullibility phishing attacks make use of. Training in awareness of and resistance to social engineering can be part of a business's defense against watering hole attacks. ITWeb has the story of how watering holes are reappearing: The link that bogus portal proffered was, of course, malicious. This is another case in which wariness about links in email and an appreciation of the techniques of social engineering can help insulate an organization from the threat. Information Security Buzz has a brief story on the incident: https://www.informationsecuritybuzz.com/news/investment-firm-fis-group-phishing-docusign/ Background. The recent ransomware attack on the City of Atlanta highlights the fact that the threat of ransomware affects all organizations, regardless of the nature of their industry, business, or operations, and that political subdivisions and quasi-government entities face particular challenges in protecting themselves and responding to attacks.