CyberRisk Collaborative (CRC) is proud to announce KnowBe4 as the first member of its Trusted Partner Program. Recognized for its excellence in security awareness training, KnowBe4’s inclusion in this exclusive program underscores its role as a leader in cybersecurity education, helping organizations fortify their defenses against modern cyber threats, including ransomware.
In conjunction with this announcement, CRC hosted a webinar on November 12, 2024, titled “A CISO’s Guide to Outsmarting Ransomware.” This session brought together cybersecurity experts to explore effective strategies for embedding a security-first culture across organizations to combat ransomware. The expert panel featured Matt Stiak, Director of Cyber Risk Management at Delta Dental of California, and Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. The event underscored that while technology remains critical, a proactive security culture may be a company’s most effective line of defense.
Building a Culture to Counter Ransomware
During the session, Stiak and Grimes shared practical insights into cultivating a security-focused mindset throughout an organization. Their key recommendations align with the strategies highlighted in KnowBe4’s approach to security culture, which aims to empower employees and reduce organizational vulnerability to cyber threats.
- Delivering Engaging and Continuous Security Training
The panel emphasized the value of ongoing, engaging security training tailored to the needs of different departments. Stiak and Grimes suggested using short, interactive training sessions and gamification techniques, such as quizzes and rewards, to increase engagement and retention. They also recommended role-specific training to address unique risks in departments like finance or IT, ensuring employees are better equipped to handle the specific threats they may face.
- Simulating Realistic Ransomware Scenarios
According to the experts, training alone is not enough. Organizations should conduct phishing simulations and ransomware drills to allow employees to practice identifying threats and reporting incidents. These exercises familiarize employees with early warning signs, reinforce reporting protocols, and help them feel prepared to respond to actual threats.
- Emphasizing the “Why” Behind Security Protocols
The panel highlighted the importance of helping employees understand the purpose behind security measures. By sharing real-world ransomware case studies, Stiak and Grimes illustrated how each employee’s actions play a crucial role in safeguarding the organization. This approach helps employees feel more connected to security practices, making them more likely to actively participate in maintaining a secure environment.
- Encouraging a “See Something, Say Something” Culture
Creating an environment where employees feel comfortable reporting suspicious activities is crucial to proactive threat management. Stiak and Grimes recommended training staff to recognize signs of potential threats and offering anonymous reporting options to encourage participation. Reassuring employees that all reports, even false alarms, are valued helps create a proactive security culture.
- Leveraging Leadership and Peer Influence
The panel also stressed the importance of leadership involvement in security initiatives. When executives and managers actively participate in training, it signals to employees that security is a top priority. Stiak and Grimes advocated for identifying security champions within teams who can act as points of contact for peers, as well as sharing success stories where employee vigilance prevented incidents. This creates a sense of ownership and responsibility across the organization.
The Benefits of the CRC Trusted Partner Program for CISOs and Their Organizations
The CRC Trusted Partner Program is designed to provide CISOs and their organizations with reliable access to vetted cybersecurity vendors and resources, like KnowBe4, that have demonstrated expertise and innovation. This exclusive network of trusted partners offers CRC members a valuable resource for addressing complex cybersecurity challenges. By having access to a curated list of proven solutions, CISOs can make more informed decisions on vendors, ensuring that they are working with companies that align with their strategic goals and high standards.
Additionally, CRC events, such as the recent ransomware webinar, give members the opportunity to learn from industry experts and gain insights into emerging cybersecurity strategies and technologies. Attending these events is crucial for CISOs and their teams as it provides them with actionable takeaways to implement within their own organizations. These sessions go beyond theory, offering practical steps to build a security-first culture, enhance resilience, and mitigate risks effectively. By fostering a community where security leaders can exchange ideas and solutions, CRC empowers its members to stay ahead of threats and continuously improve their security posture.
As ransomware and other cyber threats evolve, the CRC Trusted Partner Program and its events will continue to be instrumental in helping organizations foster strong security cultures and proactive defenses. For CISOs, these programs not only provide a network of trusted vendors but also ensure access to the latest thought leadership and best practices that are essential for protecting their organizations.