12 Aug Words Of Wisdom From A Las Vegas Hacking Convention
Cybersecurity expert Erich Kron dispenses advice at Black Hat USA 2021
– Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Aug. 12, 2021
Thousands of people made the annual pilgrimage to the popular hacking convention, back live and in-person this year during the still iffy COVID-19 period we’re living through, in part to watch demos of the shiniest new cybersecurity products being hawked in the Business Hall. But Kron, a security awareness advocate and technical evangelist at KnowBe4, dispensed a dose of reality reminding us this (cyberattacks) has been going on for decades.
The point Kron drove home to us is that nothing has changed much over the past 30 years insofar as the primary attack vector at most organizations — employees — and that CISOs and security teams should be doubling down on protecting their people.
Kron’s compelling pitch is that changing an organization’s culture, and thus changing the behavior of its employees, is the best bang for its security buck — albeit not always the one technical people (IT teams) want to sign up for as their first order of business.
Small businesses, depending on their size, have few to no IT people, but Kron’s message is still relevant as too many of them think they’re too small to be attacked. But that’s hardly the case as more than 50 percent of cyberattacks are launched on organizations with the least number of employees.
Kron understands the plight of the undersecured and gives the example of doctors with their own practices who are so busy tending to patients that it barely gives them time to think about cybercrime and ransomware, much less anything else. But, these doctors can certainly carve out the time to find a local cybersecurity firm or MSSP (managed security services provider) to help. With limited budgets, small businesses should focus on the biggest risk — its employees — and not the outlier risks.
Large organizations with security budgets to match are another story. Kron said that it used to be all about backup when it came to fighting the fastest growing type of cybercrime — ransomware. But that all changed in 2018 with the emergence of the MAZE ransomware, which exfiltrated data and threatened to go public with it unless a ransom was paid. As much as Kron pushes for organizational change and employee behavior modification, he’s a strong advocate for better email gateways to reduce spam and phishing attacks, the best possible backup technology, and robust DLP (data loss prevention) tools.
Black Hat had it all on display, every cybersecurity solution imaginable. But Kron isn’t letting IT and security teams at big companies off the hook. He emphasizes to them that protecting humans still needs to be a top priority.
The KnowBe4 evangelist had much more than words of wisdom. Kron was also on hand to show off his company’s latest innovations at demo stations with all sorts of phishing scenarios, as well as tools for culture change and compliance.
Scott Schober, author of the popular book “Hacked Again” and a media commentator for Cybercrime Magazine, noted it was strange to be back out meeting with colleagues and it was a treat for him to catch up with Kron, a genuine advocate — not only for KnowBe4 but for all of society.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Sponsored by KnowBe4
KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space. We are proud of the fact that more than 50 percent of our team are women.