KnowBe4-Presentation-Overview.pptx
1. KnowBe4 is the world's most popular integrated platform for awareness training combined with simulated phishing attacks.
2. • 91% of successful data breaches started with a spear phishing attack
• CEO Fraud (aka Business Email Compromise) causes $2.3 billion in damages yearly
• W-2 Scams social engineer Accounting/HR to send tax forms to the bad guys
• Ransomware was a US $1 BILLION criminal business in 2016, and continues to grow
Your Employees Are Your Last Line of Defense
3. Two Unnamed US Companies Fall Victim to $100 Million CEO Email Fraud
• This scam only surfaced as the U.S. government filed a civil forfeiture lawsuit in federal court in Manhattan seeking to recover tens of millions held in at least 20 bank accounts around the world.
• The scammer, a 48-year-old Lithuanian, managed to trick two American technology companies into wiring him $100 million.
• What makes this remarkable is the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms, but Apple, Cisco, HP and Facebook come to mind.
• As a Public Entity, we have an obligation to actively protect the funds entrusted to us by the Federal, State, & Local Governments, as well as each individual taxpayer.
• MCSD has been the target of CEO fraud attempts.
4. The answer is defense-in-depth, with specific attention to the outer layer, which is the weakest link in IT security: The Human
How Can We Protect Our Organization?
6. Baseline Phishing Test
• Security awareness training can be undermined due to difficulty in measuring its impact. “You can’t manage what you don’t measure”
• It is vital to establish a baseline on phishing click-through rates. This is easily accomplished by sending out a simulated phishing email to a random sample of personnel.
• You find out the number that are tricked into clicking. This is your baseline “Phish-prone percentage” that you use as the catalyst to kick off your training campaign.
7. Train Everyone
• In order to create a security culture and change the behavior of your employees, you have to train everyone, from the board room to the lunch room, and include the training in the onboarding of every new employee.
• This should be on-demand, interactive, engaging and create a thorough understanding of how cybercriminals operate.
• Employees need to understand the mechanisms of:
• Spam
• Phishing
• Spear-phishing
• Malware
• Ransomware
• Social engineering
And be able to apply this in their day-to-day job.
8. • Even when testing confirms that phishing susceptibility has fallen to nominal levels, continue to test employees frequently to determine if anti-phishing training remains effective.
• The bad guys are always changing the rules, adjusting their tactics and upgrading their technologies.
• Analyze your phishing data. Continue to train and phish your users with more advanced tactics such as attachments and landing pages where they are asked to enter data.
• Over time, increase the difficulty of the attacks. KnowBe4 has almost 1,000 templates rated by difficulty from 1 to 5.
Continue to Test Employees Regularly
10. Competitors in Security Industry
Wombat Security Technologies & PhishMe are two other industry leaders in End-User Security and Education.
Both platforms offer competitive features and functionality to KnowBe4, and MCSD would be just as well served by either of these platforms…
However, neither competitor is able to compete with the discounted pricing available through IU9, due to economies of scale.
IU9’s KnowBe4 consortium pricing is based on a 50,000+ User Level, whereas MCSD includes only approximately 500 distinct users (Staff Only).
Pricing for Wombat’s platform lists at ~$25/user/year.
Pricing for PhishMe’s platform begins at ~$10,000/year.
IU9’s KnowBe4 pricing equates to ~$7.80/user/year and ~$3,901.52/year total.
11. KnowBe4 Pricing
Seneca Highlands IU9 has obtained State-Wide Consortium Pricing for KnowBe4, allowing MCSD to obtain the comprehensive “Diamond Level” Package at a tremendous discount level…
Less Than $8/User/Year.
Recommendation is to purchase 3-Year License at One-Time Cost of $11,704.57.
- Anticipate being able to accomplish without negative impact on 17-18 budget.