We often get asked if security awareness training needs to be graded for audits and auditors. In the context of a SOC 2, HIPAA, or ISO 27001 audit, grading of security awareness training is not required. While grading is a crucial factor in demonstrating the effectiveness of an organization's security awareness program, it is not required. 

It's sad that this news is not surprising - T-Mobile announced a data breach affecting 37 million customers. The cyber attackers managed to steal sensitive information belonging to the customers, and T-Mobile is now working hard to contain the damage.

Phishing is a prevalent tactic employed by cybercriminals, where they impersonate legitimate entities such as individuals or organizations, by creating fake email addresses and website addresses. Attackers are now using the same techniques with cryptocurrency wallet addresses.

OpenAI released ChatGPT, a new interface for its Large Language Model (LLM), at the end of November 2022 and it caused a stir in the AI world. But, turns out it also made the cyber threat landscape more exciting as it became clear that code generation could help less-skilled hackers launch cyberattacks with ease.

Slack works great as an LMS. With Haekka, you can assign training to Slack users, channels, or all users in your Slack instance. We recently wrote a guide on how to bring KnowBe4 security awareness training to Slack with Haekka. In this post, we will walk through how to bring Ninjio security awareness training to Slack.

The truth is, machine learning has already had a huge impact on social engineering, and it's not just the bad guys who are taking advantage of it. In fact, the good guys are using it too to help protect people from falling victim to scams and phishing attacks.

With our phishing simulator out of beta and available publicly, one of the most common questions we get asked by admins, and one of the most common questions we get asked by potential customers, is around the phishing templates we have available for phishing campaigns, how we create new templates, how we use ChatGPT in the process of making phishing templates, and how often we release templates.

Social engineering is a tactic used by cyber criminals to manipulate individuals into divulging sensitive information or performing actions that can lead to a security breach. It continues to be a major threat to companies because it exploits human psychology and can bypass even the most advanced technical defenses. Last year, many high-profile data breaches, such as the ones at Twilio and Dropbox, resulted from social engineering attacks.

Slack, the preferred communication platform for modern businesses and teams, works great as a modern Learning Management System (LMS). This easy and embedded approach to learning management allows for seamless communication and collaboration among learners and admins. The ease and embedded nature of a Slack LMS creates a connection between learning and learners that is hard to replicate from a traditional LMS.

KnowBe4 allows for the export of training content for delivery via LMS systems. This export functionality enables KnowBe4 customers to obtain training content that can then be assigned and delivered in Slack with Haekka.

Data breaches are in the news all the time. And it feels like no companies - large or small, public or private, geography, industry - are safe. We have new data that shows how many IT leaders think breaches are inevitable. It’s not if a breach will occur, it’s when it will occur.

ChatGPT is an AI writer that has gotten a ton of attention since launching last month. Like all things on the Internet, ChatGPT is available for good purposes and for nefarious purposes. We decided to test ChatGPT writing phishing emails as cyber attackers are bound to use it for phishing attacks. The results were a little scary.

It’s 2023, a new year. Unfortunately, that does not mean a slowdown in the attacks that target end-users like you. Social engineering attacks, which attempt to trick you into clicking a link, providing sensitive information on fake websites, or installing malicious software, were on the rise in 2022 and will continue to be a primary method used by cyber attackers in 2023.

As we enter 2023, it is a good time to take stock of activities, assess what is working and what is not working, and prioritize for the year and beyond. This is a common practice to categorize current initiatives and activities as either things to stop or continue.

Phishing attacks are a common method used by cybercriminals to trick individuals into revealing sensitive information, such as login credentials or financial information. One way to reduce the risk of falling victim to a phishing attack is to use passkeys, which are a form of cryptography that uses a public and a private key.

As technology continues to advance and the value of digital assets and data grows into and through 2023, so too do the tactics and technologies used by attackers in the realm of social engineering. In the coming year, it is likely that we will see the emergence of new methods and approaches, as well as the evolution of existing ones.

As the world becomes increasingly reliant on technology, the stakes for cybersecurity only continue to rise. In 2023 and beyond, we can expect hackers to ramp up their efforts to gain access to valuable data that they can use for their own gain. With more of our lives being run through hackable technology and more digital data available through connected devices, it's more important than ever to stay vigilant and protect ourselves from these nefarious actors.

Prediction posts typically either list the obvious or are full of wild guesses. When it comes to cybersecurity and data privacy, we’re going to try to give you both the obvious and our wildest guesses. So, without further ado, here are our predictions for data privacy and 2023.

The devices you employees use have access to their accounts and your data. Securing those devices is an essential part of securing your businesses. With remote access ubiquitous today and more people using personal devices for work (bring your own device), securing devices is a unique challenge.

Uber’s had a bad autumn when it comes to data breaches. This most recent breach was not a breach of Uber’s systems but a breach of one of Uber’s vendors. What can we learn from this breach of a 3rd party?

Security awareness is not new as concept. It dates all the way back to the earliest days of humans through historical and modern warfare until today, where we are constantly under attack. Today, sensitive information, the goal of attackers, is accessible from everywhere. Security awareness needs to evolve to meet the ubiquity of the challenge.

Security awareness is a niche within cybersecurity that is suffering the same fate as the broader market. Companies are buying multiple tools for training, phishing, event-driven training, and human risk. These tools need to be integrated with LMSs, HRISs, and sometimes auth systems. What is often missed is the goal of security awareness - namely to reduce the risk from human actions and behaviors.

Despite near constant education about the importance of strong passwords, they remain a huge cause of security incidents and data breaches. Major technology companies are coming together to create a new standard for authentication called passkeys. These passkeys replace passwords and will be easy to implement by any company that needs to implement authentication.

On the heels of our last Digest post about malware being spread on TikTok, several US States have officially banned the app from use on government owned devicesMaryland is the most recent state to join South Dakota and Nebraska in banning TikTok. Wisconsin and South Carolina are also close to instituting bans on the social media platform. The bans only applies to government owned devices, not personal devices.

Bringing training to Slack is a simple and powerful way to update your training experience. Employees get all the benefits of a Slack experience but for training. Additionally, training is done in the context of work, making it less of a distraction and building a culture of learning.