An Interview with Keepnet Labs

Blog | Posted: 03-06-2024
Row curve

Our Solutions Engineering Manager, Kobi Hunn, asked Simon Nicholls, VP of Sales at Keepnet Labs, some questions. Here’s what they had to say:  

1. So Simon, tell me what attracted you to Keepnet?  

Prior to joining Keepnet as VP of Sales, I had been working with the Keepnet platform for 2 years. The MSP I was running was focused on running fully managed cyber awareness campaigns for customers. At the time we were using a few different vendors including KnowBe4 and Keepnet. I saw the potential that Keepnet had in terms of technology and unique features, and as part of an acquisition I came on board to be the first Sales Leader for Keepnet.  

 

2. Who are Keepnet and what do they do? 

Keepnet is a Human Risk Management SaaS platform. The platform allows companies to test user behaviour when met with a range of social engineering attacks such as email phishing, voice phishing, SMS phishing and QR code phishing. Coupled with over 1,600 pieces of best-in-class security awareness training, companies can build a cyber-resilient workforce against modern hacking techniques. We aim to create a safe and secure digital environment for all, free from social engineering threats. 

  

3. Organisations are increasing cybersecurity spending by tens and sometimes hundreds of thousands of pounds a year. But all it can take is one email that can bring down an organisation. Why do you think that is? 

It’s still the case that 95% of security breaches stem from the human layer. Unfortunately, as security products get more advanced, so do the hackers launching the attacks. Users will inevitably be met with many phishing and malicious emails each year and 1 false move can lead to disaster. This is highlighted by the recent MGM and Caesars attacks, where a 10-minute voice call led to a complete lockdown of their systems and a $100m cost to both businesses. 

  

4. I think everyone has received a phishing email at some point in time, whether that be on a personal or work email address. It seems like they are getting a lot more sophisticated and harder to spot. Why do you think this is and are there other types of phishing?

Since the launch of Chat-GPT there’s been a 1,265% increase in malicious phishing emails. These emails are linguistically complex, have proper punctuation and spelling. Long gone are the days of the “Prince of Nigeria” emails. Jailbroken versions of Chat-GPT such as WolfGPT and WormGPT remove the constraints of traditional Chat-GPT and can be used as malicious tools to create ultra-realistic phishing emails. 

  

5. How do you think the rise of Generative AI will affect the types of phishing organisations will start to receive? 

As mentioned in my point above, the jailbroken versions of Chat-GPT can be used for more than just generating phishing emails. Without any coding knowledge, hackers can create malicious payloads simply by asking the tool to generate one. These payloads can also be automatically designed to bypass certain security products. The rise of the deepfake is a concern too. Highlighted by a firm in Singapore recently where an accountant transferred $25m to an unknown account whilst on a call with the company’s “CFO”. In fact, this was a deepfake Teams call mimicking the voice and face of the CFO.

 

6. In the ever-changing threat landscape, the end user can be considered as an organisation’s ‘front line’ and sometimes their biggest attack surface. This is largely due to remote working and the increase in SaaS (Software as a Service) applications. I believe that threat actors also think the same, almost seeing them as an ‘easy target’. What can organisations do increase the ‘human intelligence’ of their end-users? 

As part of a well designed multi-layer security strategy, human education is key to dealing with the zero day and well designed attacks that bypass other security measures. Testing user susceptibility to falling for a modern social engineering technique and providing best-in-class training to plug those knowledge gaps is essential. Close collaboration between security awareness teams and technical security teams is key here too, so that when attacks are identified, they can be responded to quickly. 

  

7. There are a lot of content providers out there. In your experience, what makes a good content provider stand out and what keeps people engaged? 

Keep it regular, short, and digestible. When working with and selecting content providers for Keepnet, these are the things that we look for. If a training is too long, people disengage. For optimal results, regular training modules need to be pushed out to users covering a range of topics that are important to building a strong cyber-resilient mindset. So we look for a training library that covers a wide range of topics across the cyber security landscape. I also feel that a knowledge check is important, to make sure training has been embedded. In my opinion a short 1 to 5 question quiz at the end of the training ensures the user has paid attention and it will stay in their mind.