KnowBe4 Warns Organizations of Antivirus Giving False Sense of Security

Nearly every organization has some concern about ransomware as infections continue to reach epic proportions. Profits are soaring for the authors and those spreading it as costs reach $1 billion. Why is it continuing to grow despite precautionary efforts by IT managers?

An alert warning IT departments to re-evaluate their current 'safety net' of antivirus and spam filters was sent out by KnowBe4 earlier this week. The antivirus industry's premier 'insider site', Virus Bulletin (VB), released tests that identify how good or bad end point detection software is and show a major drop in effectiveness for Jun-Dec 2016 over the same period in 2015. These RAP (reactive and proactive) tests measure both the vendors' ability to handle newly emerging malware and their accuracy in detecting previously known malware.

Look at the quadrants for Jun-Dec 2015 and compare them to the most recent ones for 2016. Note that in 2015, proactive detection is a bit spread out, but the midpoint hovers around 80 percent, and the reactive midpoint sits at roughly 90-95 percent. Reactive means the vendor knows this sample, has a hash, and can block it. Proactive means this is an unknown sample and the security software's heuristics need to recognize the malware behavior.

Next, look at the same midpoints a year later for April-Oct 2016. The bad guys are winning. Note that reactive detection dropped a little bit and now clusters on the 90 percent line, but if you eyeball proactive detection, it has dramatically dropped to 67-70 percent. You would expect that with modern machine-learning techniques, proactive protection would improve, but it is going the opposite direction. By the way, if your AV is not listed in this report, the vendor declined to participate, and you can draw your own conclusions about why.

Martijn Grooten at VB commented on VB's most recent spam filter test that ransomware would be much worse if it wasn't for email security solutions, citing, "Many experts believe that ransomware is set to become an even worse problem in 2017 than it was in 2016 - which is rather bad news, given the damage it has already done."

"Still, the problem could be much worse: a test of security products performed by Virus Bulletin in November/December 2016 showed that at least 199 out of every 200 emails with a malicious attachment were blocked by email security solutions (or spam filters). Of course, the fact that spam is sent out in large volumes means that even a very low success rate is sufficient for attackers to make a good return on investment - and thus to cause a lot of damage."  

Statistics, extrapolations and counting by the Radicati Group from February 2015 estimate that the number of email users worldwide was 2.6 billion and the number of emails sent per day (in 2015) was around 205 billion. Digital Marketing Ramblings (DMR) offers these other fascinating statistics on email, compiled in August 2015:

  • The average office worker receives 121 emails a day
  • Percentage of email that is spam: 49.7 percent
  • Percentage of emails that have a malicious attachment: 2.3 percent

Simple math shows that 100+ billion spam emails are sent every day. Of those, 2.3 billion have a malicious attachment. One half of one percent (one in 200) of those makes it through the filters, showing a surprisingly high number of 11,500,000 every day, putting the potential for malware making it into a user's inbox into the millions, every day.

These numbers are just looking at malicious attachments, of which 93 percent are ransomware.

In a survey of 500 IT managers done in December 2016, it was clear that even with antivirus, ransomware is going to get in.

Keep in mind that the bad guys are also very active with CEO fraud using a spoofed "From" email address. Even more important, the most vicious attacks (like the hacks into the Clinton campaign) were based on a simple social engineering spear phish. Your employees are your last line of defense.

Because ransomware relies heavily on social engineering, it becomes critical for organizations to come to the realization that only the user (the one being "engineered") can truly stop all ransomware attacks. Don't click the link or open the attachment, and like magic, don't infect your workstation with ransomware! While antivirus attempts to stop malicious links and attachments, the percentage of infection speaks volumes about whether you can truly rely solely on antivirus to protect your organization.

Transform employees into a human firewall ASAP, and keep them on their toes with security top of mind by stepping them through new-school security awareness training which combines on-demand, interactive, engaging web-based training with frequent simulated phishing attacks right in their inbox.

For more information or copies of charts referred to, visit the KnowBe4 blog.

About KnowBe4

KnowBe4, the provider of the world's most popular integrated new school security awareness training and simulated phishing platform, is used by more than 8,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO Fraud and other social engineering tactics through a new school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4's Chief Hacking Officer, helped design KnowBe4's trainings based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as a first line of corporate IT defense.

Stu Sjouwerman (pronounced "shower-man") is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services thousands of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

