Keepnet specializes in addressing human factors of security through innovative security awareness training and phishing simulation tools. This article highlights the significant findings of their 2024 Vishing (Voice Phishing) Response Report, demonstrating the company’s pivotal role in mitigating social engineering threats across various industries.
From the CISO’s perspective, it’s quite obvious that humans are our weakest link. The problem is that we can deploy all the tech, all the blinky lights, but it’s the humans that will fail. We saw our good friends at the SE Village at Defcon, @Snow, and @JC putting on this clinic. Keepnet helps to shore up the defenses for humans, plain and simple.
Keepnet is at the forefront of cybersecurity, offering comprehensive solutions that simulate phishing attacks to enhance organizational security protocols. Keepnet’ products include security awareness training as well as email, smishing, vishing, quishing, and MFA phishing simulations, integral to modern cybersecurity strategies and human risk management.
The rising sophistication of social engineering attacks, especially voice phishing, has cost businesses significantly. In 2023 alone, vishing attacks in the U.S. led to losses of over $10 billion.
- Origin of Challenges: The challenges primarily stem from the rapid evolution of social engineering tactics, such as the use of deepfakes and other sophisticated methods. As attackers refine their techniques, including mimicking voices and creating convincing fake identities, many businesses find their existing security protocols inadequate. The frequent underestimation of voice phishing threats by organizations, coupled with these advanced technologies, enhances the effectiveness of such attacks.
- Inadequacies of Current Solutions: Traditional security measures often lack the dynamic and interactive elements necessary for effective training against modern voice phishing threats. Most solutions provide generic, passive training that fails to engage employees meaningfully or simulate the complexity and realism of real-life phishing scenarios, such as those involving deepfake technology. This gap leaves employees unprepared for the nuanced and technologically advanced tactics used in vishing attacks, resulting in a higher susceptibility to these threats.
The Solution:
- Enhanced Interactive Simulations: Introduce more realistic and interactive simulations that incorporate the latest technologies like AI-generated voice phishing and deepfakes. These simulations will better prepare employees to recognize and respond to sophisticated attacks, reducing the risk of security breaches.
- Regular Awareness Training: Implement regular and mandatory security awareness training sessions that are updated to reflect the latest phishing techniques and trends. This continuous education is critical to ensure that all employees are equipped with the knowledge to identify and mitigate potential threats.
- Robust Reporting Systems: Develop and maintain robust systems for reporting suspicious activities. Encouraging a proactive approach to reporting can significantly enhance an organization’s ability to respond quickly to potential threats, thus fortifying its defense mechanisms against social engineering attacks.
Keepnet’s innovative approach to cybersecurity training not only prepares organizations to defend against phishing attacks but also fosters a proactive security culture. We invite readers to delve into the detailed analysis and case studies in the subsequent sections.
Company and Innovation:
Keepnet is renowned for its pioneering work in the field of security awareness training, particularly in creating phishing simulations that address the human elements of security threats. Founded on the principle of proactive defense, Keepnet has developed a suite of tools that train employees to recognize and respond to a variety of phishing attacks, including email, smishing, vishing, and, more recently, deepfake-based phishing attempts. The company’s approach combines AI technology with real-world attack scenarios to enhance the effectiveness of training modules, making it a leader in the cybersecurity training sector.
The innovation at Keepnet centers around its ability to simulate sophisticated phishing attacks in a controlled environment, allowing employees to experience the intensity and trickery of real phishing attempts without the risk. This hands-on approach is complemented by the use of AI to analyze employee responses, offering tailored feedback and training to mitigate specific vulnerabilities. The continual refinement of these simulations ensures they remain relevant as cyber threats evolve, thereby maintaining their effectiveness in a rapidly changing threat landscape.
Integrating these innovations into a cohesive narrative, Keepnet not only addresses immediate cybersecurity needs but also builds a foundation for enduring security practices within client organizations. Their solutions foster a culture of vigilance and preparedness that empowers employees, transforming them from potential security liabilities into active participants in their company’s cybersecurity defenses.
What leaders are concerned about today:
The cybersecurity solutions provided by Keepnet address critical vulnerabilities within organizations that could lead to significant financial and reputational damage. Statistics indicate that businesses without proactive phishing defense strategies are three times more likely to fall victim to cyber-attacks, emphasizing the importance of Keepnet’s solutions. By simulating realistic phishing scenarios, Keepnet effectively reduces these vulnerabilities, building a strong psychological resilience among employees against FUD, thereby minimizing the risk and impact of actual attacks.
Dashboard/User Interface:
The Keepnet dashboard offers a user-friendly interface that allows security teams to monitor real-time responses to simulations, track employee progress, and identify areas needing improvement. The design of the dashboard reflects a deep understanding of user experience, ensuring that all information is accessible with minimal navigation, which is crucial for fast-paced security environments.
CEO, Ozan UCAR: “At Keepnet, we believe in empowering employees to be the first line of defense against cyber threats. Our innovative simulations are integral to this mission.”
Gartner’s Opinion:
Gartner has praised Keepnet for its extensive and innovative approach to cybersecurity training, emphasizing its skillful integration of simulations and artificial intelligence to create realistic and highly engaging training experiences. This strong endorsement highlights Keepnet’s role as a thought leader in the cybersecurity training sector. Additionally, Keepnet has been recognized as a “Voice of the Customer” by Gartner, further validating its effectiveness and impact in the industry.
This prestigious acknowledgment serves to underscore the trust and value that Keepnet brings to the market, confirming its status as a top-tier provider of cybersecurity training solutions.
Competitors:
Knowb4, Foxhunt, Cofence, Proofpoint
The cybersecurity landscape is teeming with providers that offer a range of solutions; however, Keepnet sets itself apart through its unique suite of phishing simulation tools. Unlike many competitors who still employ traditional, lecture-based training modules that may not fully engage users or replicate real-world scenarios, Keepnet offers specialized tools tailored to modern threats.
These include a smishing simulator, vishing simulator, QR codes phishing simulator, and MFA phishing simulator. These innovative tools provide practical, hands-on experiences that are far more effective in preparing employees to face actual cybersecurity challenges, making Keepnet’s solutions not only unique but also highly effective compared to standard offerings in the market.
Solution Superiority:
Keepnet solutions distinctly excel due to their dynamic, interactive, and immersive learning experiences, which significantly deviate from traditional, passive educational approaches. Unlike conventional programs that merely convey information, Keepnet engages employees directly in their learning journey through a host of innovative phishing solutions.
These include email phishing simulators, smishing simulators, vishing simulators, QR code phishing simulators, and MFA phishing simulators. Each tool is designed to provide practical, scenario-based training that improves retention and equips employees to handle real-world cybersecurity threats effectively.
Furthermore, Keepnet enhances its platform’s appeal with an AI-driven security awareness training platform, which hosts offerings from 10 different security awareness providers. This variety ensures that organizations can select the training solutions that best fit their unique needs.
The platform supports limitless API integrations, enabling seamless connections with existing IT and security infrastructures. It also offers the capability to dispatch training modules via SMS, catering to a mobile and globally dispersed workforce.
Training delivery on the Keepnet platform is fully automated, including scheduling based on employees’ time zones to ensure optimal engagement. This automation extends to Keepnet’s sophisticated reporting options, which provide comprehensive insights into training effectiveness and employee vulnerability without manual intervention.
The behavior-based training approach adapts to user interactions, customizing content to address individual weaknesses and enhance overall cybersecurity posture.
Overall, Keepnet’ solution superiority lies in its comprehensive, automated, and flexible approach, making cybersecurity awareness and training accessible, effective, and tailored to the modern digital landscape.
Integration into Cyber Stack:
Keepnet’ solutions are designed to integrate seamlessly into an organization’s existing cyber security stack, enhancing overall security protocols without the need for extensive modifications or overhauls. This integration is facilitated through flexible API architectures that allow Keepnet’s training modules and simulation tools to work alongside other security solutions, such as incident response platforms, threat intelligence tools, and SIEM systems.
This compatibility enhances the effectiveness of security operations by providing comprehensive, behavior-based training that is informed by real-time threat data and organizational security policies. Additionally, Keepnet’s solutions can be paired with various cybersecurity products to create a unified defense strategy, thereby improving the detection and mitigation of phishing threats across multiple vectors.
Product Roadmap:
Over the next three years, Keepnet plans to expand its product suite to include new simulation types that address emerging cybersecurity threats such as AI-generated deepfakes. The roadmap also includes the development of enhanced analytics capabilities to provide deeper insights into training effectiveness and employee vulnerability.
Retention of Key Personnel:
Keepnet employs a multifaceted strategy to retain its key developers and cyber practitioners, which is significant for maintaining its innovative edge. This strategy includes competitive compensation packages, robust career development opportunities, and a work environment that fosters creativity and innovation. Keepnet also emphasizes work-life balance and employee well-being through flexible working conditions and comprehensive health benefits, creating a supportive workplace culture that attracts and retains top talent in the cybersecurity field.
Customer Success Story:
A notable success story involves a multinational corporation that implemented Keepnet’s phishing simulation tools across its global offices. Following the deployment, the company reported a 60% reduction in phishing susceptibility among employees within the first year. Metrics from this implementation show significant improvements in employee response times to phishing attempts and a greater percentage of threats being reported to the IT security team. This case study highlights the effectiveness of Keepnet’s simulations in enhancing organizational resilience against phishing attacks. See sample case studies here: https://keepnetlabs.com/case-studies
Vision and Mission:
Keepnet is driven by a vision to lead in cybersecurity resilience through innovative education and simulation-based training. Its mission is to empower organizations and their employees to proactively identify, respond to, and mitigate cybersecurity threats, thereby reducing risk and enhancing overall security posture.
This vision and mission guide daily operations and strategic decisions at Keepnet, ensuring that every product development initiative and customer engagement is aligned with the goal of making cybersecurity accessible, practical, and effective for all organizations, regardless of size or industry.
Industry Trends:
In the next 5-10 years, several key trends are expected to dominate the cybersecurity landscape. The rise of Artificial Intelligence (AI) and machine learning technologies in cyber defense and cyber-attacks, the increasing use of Internet of Things (IoT) devices in everyday business operations, and the growing threat from deepfake technologies are all critical areas. These trends will significantly influence how cybersecurity strategies are developed.
Keepnet is proactively preparing to meet these emerging challenges head-on. The company is enhancing its simulation tools to include scenarios that involve AI-driven attacks and defenses, deepfake manipulations, and IoT vulnerabilities. This preparation ensures that training modules remain relevant and effective, equipping organizations with the necessary skills to navigate the evolving cyber threat landscape.
Innovation and R&D:
Keepnet’ Research and Development (R&D) team is deeply committed to innovation, continually integrating cutting-edge technologies into their cybersecurity solutions. The R&D process includes constant exploration of how advancements in AI and machine learning can be leveraged to improve phishing simulations and training effectiveness.
Keepnet encourages a workplace environment that values creative thinking and problem-solving. Employees are motivated to come up with innovative ideas and explore new technologies. Regular training sessions, workshops, and participation in tech conferences keep the team updated and inspired.
Customer Engagement:
Engaging with customers is a cornerstone of Keepnet’s strategy. The company actively seeks out feedback from users to fine-tune its products and services. This engagement is crucial for developing solutions that truly meet the needs of modern organizations facing complex cybersecurity challenges.
A notable improvement in Keepnet’s offerings came from customer input on enhancing the realism of phishing simulations. Based on this feedback, Keepnet integrated AI technologies to create more sophisticated and believable phishing attempts, including the use of AI-generated voices and images, significantly improving training realism and effectiveness.
Regulatory Compliance:
Keepnet ensures that all its solutions comply with international cybersecurity regulations, such as GDPR and CCPA. The company faces challenges in keeping up with the fast-changing regulatory environment but overcomes these through a dedicated legal team that focuses on compliance issues.
The main challenge is the variability of cybersecurity laws across different countries, But Keepnet addresses these challenges by updating its courses regularly and ensuring that all training content is vetted for compliance with the latest regulations.
Cyber Threat Landscape:
Today, organizations are challenged by a variety of cyber threats, including sophisticated phishing attacks, ransomware, data breaches, and insider threats. The proliferation of IoT devices has also expanded the attack surface, and AI-driven attacks are becoming more prevalent, posing significant risks to unprotected systems.
Keepnet addresses these threats through comprehensive training modules that simulate real-world attack scenarios. By educating employees on the specifics of each threat type and testing their responses in a controlled environment, Keepnet enhances organizational resilience. Their solutions also help identify vulnerabilities in human responses, allowing companies to fortify their weakest links.
Partnerships and Collaborations:
Keepnet has formed strategic partnerships with leading cybersecurity technology providers, enhancing its simulation capabilities and integrating cutting-edge technologies into its training solutions. Collaborations with academic institutions have also bolstered its research and development efforts.
These partnerships provide Keepnet with access to advanced technologies and research, enabling the company to offer up-to-date and highly effective cybersecurity training. Partnerships with technology vendors allow for seamless integration of Keepnet’s solutions into existing security infrastructures, enhancing overall cybersecurity posture.
Company Culture:
Keepnet fosters a culture of innovation, collaboration, and respect. The company supports an open communication environment where ideas can be shared freely and feedback is encouraged.
Initiatives include flexible working arrangements, continuous professional development opportunities, and wellness programs that address both physical and mental health. Keepnet also offers mentorship programs, encouraging knowledge sharing and professional growth within the company.
Sustainability and Ethics:
Keepnet is committed to sustainable practices by minimizing its environmental impact and ensuring its operations and solutions are energy efficient. Ethically, the company adheres to high standards, particularly in data protection and privacy, ensuring all solutions.
Keepnet ensures that its solutions are used responsibly by providing comprehensive training on the ethical implications of cybersecurity practices. The company also conducts regular audits to ensure compliance with ethical standards and sustainability goals.
Future Outlook:
Opportunities lie in expanding into emerging markets and further developing AI-driven training solutions to anticipate and counteract sophisticated cyber attacks.
Keepnet plans to invest heavily in R&D to innovate further and stay ahead of emerging cybersecurity trends. Expanding its global footprint and forging new partnerships will also be key strategies to address market needs and foster growth.
Company Contact Information:
Keepnet Email: [email protected] Phone: +44 (0)1223 926 610, Website: https://www.keepnetlabs.com
About the Author
Dan K. Anderson, Winner Top Global CISO of the year 2023
Dan currently serves as a vCISO and On-Call Roving reporter for Cyber Defense Magazine. BSEE, MS Computer Science, MBA Entrepreneurial focus, CISA, CRISC, CBCLA, C|EH, PCIP, and ITIL v3. Dan’s work includes consulting premier teaching hospitals such as Stanford Medical Center, Harvard’s Boston Children’s Hospital, University of Utah Hospital, and large Integrated Delivery Networks such as Sutter Health, Catholic Healthcare West, Kaiser Permanente, Veteran’s Health Administration, Intermountain Healthcare and Banner Health. Dan has served in positions as President, CEO, CIO, CISO, CTO, and Director, is currently CEO and Co-Founder of Mark V Security, and Cyber Advisor Board member for Graphite Health. Dan is a USA Hockey level 5 Master Coach. Current volunteering by building the future of Cyber Security professionals through University Board work, the local hacking scene, and mentoring students, co-workers, and CISO’s.