All-Star Cyber Defenders. PHOTO: Cybercrime Magazine.

How To Defend And Defeat Phishing Perpetrators Once And For All

A new school twist on the ‘Human Firewall’ defense stymies cyber scammers

Steven T. Kroll

Northport, N.Y. – Apr. 3, 2019

Full Court Press brings you four quarters of cybersecurity action played by the top teams globally. Trotting onto the court for the first quarter is KnowBe4, from Clearwater, Fla.

Two all-star cyber defenders are teaching organizations globally how to put a full court press on their cyber opponents. Kevin Mitnick, chief hacking officer at KnowBe4, and Stu Sjouwerman, CEO and founder, recently met up with Cybercrime Magazine on the floor of the RSA Conference in San Francisco to discuss a new school cybersecurity strategy for shutting down phishing and ransomware attackers.

“If you think about it from a cybersecurity perspective, you can’t just have one defensive strategy,” said Dr. Jay, chief information security officer at Xerox, a Fortune 500 corporation based in Norwalk, Conn., during our pregame show – filmed at Recreation Hall in Old Westbury, N.Y., home court for the Bears, New York Institute of Technology’s NCAA Division II (NYIT) men’s basketball team. “You have to have many defensive strategies that layer on top of one another to keep out cyber adversaries.”

“Today, most attacks start with an email,” says Mitnick. 

“That’s why I created KnowBe4 as a defensive measure, as an additional human firewall layer on top of all your other defenses,” adds Sjouwerman.

Only one phishing email needs to break through, and the entire system is exposed to criminals who typically use social engineering — the process of manipulating people to click on fraudulent links and/or to give login credentials to bad actors.



Mitnick and Sjouwerman discovered that no matter how strong and effective the defense mechanisms are, the one problem that occurs frequently and matters the most is the human element. With his 30-plus years of experience in the industry, Mitnick designs courseware to teach people how to detect scams and to avoid social engineering.

KnowBe4’s program consists of a three-step process — “a phishing test, on-demand interactive training through the browser, and frequented simulated phishing attacks,” says Sjouwerman. He sums it up perfectly — we test clients, we train them, and we test and test.

“You absolutely need this human firewall as the last line of defense because very often these phishing attacks make it through all the filters, and it’s your employees who ultimately need to be alert enough to not click on that link,” Sjouwerman says.

KnowBe4’s data proves that a solid human firewall can do a lot to secure a company’s systems. Over the course of a year, the number of employees who click on a malicious link drops from 25 percent to 2 percent through the use of KnowBe4’s Automatic Security Awareness Program. Of course, it’s never zero, but the dramatic decrease is where you want your employees to be.

There is another benefit to using KnowBe4’s program. The more that people receive training, the more likely they are to use cyber hygiene in their personal lives, which in turn reinforces security practices at work. KnowBe4’s website boasts a free home training program, and Mitnick encourages everyone to access it.

Cybersecurity is no easy task, as technological improvements ramp up, but these two are at the side of the court training the human firewall. “Threat actors are changing their tradecraft everyday,” Mitnick says. “We’re keeping on top of things, so we can advise our clients and build our technology into that platform and help them mitigate the risk.”

The clock just ran out on the first quarter. If you listened to Mitnick and Sjouwerman, then it’s a low scoring game and you have the lead. But you can’t let up. To defeat the cyber attackers, you need to employ a full court press for the entire game.

Stay tuned for the second quarter!

Full Court Press Archives

Steven T. Kroll is a public relations specialist and staff writer at Cybercrime Magazine.


Sponsored by KnowBe4

KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space. We are proud of the fact that more than 50 percent of our team are women.