Featured Startup Pitch: KnowBe4 – providing ‘Internet security awareness training’ to help enterprises avoid phishing and other costly online scams

By Editor October 25, 2011

Company: KnowBe4

Website: www.knowbe4.com

Founder: Stu Sjouwerman

Headquarters: Clearwater, Florida

Year Founded: 2010

Twitter: @KnowBe4

Brief Company Description: KnowBe4 delivers next-generation security awareness training and testing, addressing the needs of business owners, IT, HR and end-users.


By Stu Sjouwerman, founder and CEO

Product Overview

KnowBe4 provides proactive next-gen Internet Security Awareness Training that really works against phishing attacks. Our training reduces phishing susceptibility by 75 percent and higher. When our customers asked for more, our answer was to present security consulting services with a special proactive angle focused on making an organization a hard target for phishers.

Founder’s Story

My name is Stu Sjouwerman (pronounced ‘shower-man’). I have been in the IT industry for 32 years and am one of the founders of Sunbelt Software, which was established in 1994. Sunbelt was recently acquired by GFI Software, a portfolio company of Insight Partners, a large venture fund in Boston.

As part of the management team, I helped make the decision to build a brand new low-overhead anti-malware platform from scratch. In 2008, we released VIPRE Antivirus, which is continuing to expand in this crowded AV market. Being inside the AV industry, I came to find they have a dirty little secret: their effectiveness is not all it’s cracked up to be by their marketing departments.

As is well known by now, hackers bypass both firewalls and AV with social engineering tactics and go straight after the end-user. Due to the fact that the training is sorely lacking, I started my new company KnowBe4—the next-gen Security Awareness Training. 

Marketing/Promotion Strategy 

1. We send a free simulated phishing attack to all employees, which establishes a baseline called the ‘Phish-prone’ percentage. In addition to or instead of the attack, the prospect gets a free Email Exposure Check, which shows the attack surface for spear-phishing by cybercriminals.
2. We train all users on-line via the browser, in an interactive 30-minute session.
3. Allowing the KnowBe4 account owner to continue to send regular simulated phishing attacks that are tracked for opens and clicks keeps the end-users on their toes.

We see a dramatic drop in phish-prone percentage starting at 75 percent immediately after the training, decreasing close to zero in less than two months.

How We Differentiate from the Competition

No one provides a free phishing attack to show the phish-prone percentage of employees. We position ourselves as security awareness training done right.

Business Model

Customers buy a yearly subscription which allows them to send employees to our website for training purposes and to send regular simulated phishing attacks to all employees, combined with tracking and reporting. They can get additional consulting to make them a harder target for phishing.

We educate anyone in the market that is willing to listen. Below are the five most important things you can do to protect against a cyberheist of either your organization’s bank account or customer database:

1. Have your accountant use a separate PC to do online banking. That PC should not be used for web browsing or email. Ideally, if you have the expertise in-house, use a Linux machine or a Mac.
2. Transfer your business account to JP Morgan/Chase. This is the ONLY bank that has business accounts insured against cyber fraud. The only one—it’s a scandal.
3. Make sure all anti-malware software is up to date and isn’t being turned off by employees, even if it slows down their computer.
4. Never use a wireless network for anything financial-related, especially in public spaces.
5. Do not have any company email addresses on your website, but instead, use a web-form so that customers can communicate with you. Phishers use those company addresses for phishing attacks.
6. Be proactive: provide Security Awareness Training for employees to ensure they aren’t an easy target for hackers who break into the network through phishing email attacks. This is what we do at KnowBe4.

Current Needs

No real needs at the moment, but we certainly need help getting the word out!

KnowBe4 – www.knowbe4.com