this post was submitted on 14 Jan 2025
9 points (100.0% liked)

Pulse of Truth

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

KnowBe4, cybersecurity platform that comprehensively addresses human risk management, today released a new white paper that provides data-driven evidence on the effectiveness of security awareness training (SAT) in reducing data breaches. Over 17,500 data breaches from the Privacy Rights Clearinghouse database were analysed along with KnowBe4’s extensive customer data to quantify the impact of SAT […] The post KnowBe4 Research Confirms Effective Security Awareness Training Significantly Reduces Data Breaches appeared first on IT Security Guru.

[–] ExtremeDullard 7 points 3 months ago* (last edited 3 months ago) (8 children)

Oh well what a surprise... KnowBe4 confirms that the bullshit corporate "training" KnowBe4 sells is effective. Color me surprised...

If you don't know KnowBe4, here's a perspective from yours truly who works in a company that inflicts it on its employees:

Basically, once every few weeks, you're supposed to hit KnowBe4's website and follow a "training" module. It can be anything from data security, how not to get phished, workplace security...

So you go to that website and you're forced to watch video after video of really dumb, really obvious shit on the subject at hand, created by marketdroids who really cranked up the corporate-speak volume to 11. It's maddeningly stupid and you really want to skip through it because it's so damn obvious and infuriating, but you can't! If you do, you fail the module. But you can fast-forward it and put it in the background at least.

Then it pops a multiple choice question about the really obvious video you just (didn't) watch. Again, with really stupid obvious answers. You're supposed to select the right answers to show you've learned whatever the video talked about. If the video was in the background because you were doing actual, useful stuff instead of wasting your time watching this tripe, remember to answer the questionnaire in time or you fail the module.

Do this a few times, and after 10 to 15 minutes, voila! You have now been trained.

Of course, since you don't have time for this nonsense and there's real work to do, you can put off doing it. But after a few months, you're 10, 12, 15 "trainings" behind and HR starts breathing down your neck. So at some point you relent and spend half a day clearing the backlog of unskippable KnowBe4 training sessions designed for 5-year-olds with a learning disability.

It's a complete time-waster. It's long. It teaches you almost nothing of value. It immerses you in a terrible world of bland corporate imagery, fake inclusivity and maddening AI-generated voice-over. It wastes countless man-hours across the entire company that could have been used productively.

But my employer isn't one for BS. So I got curious at some point and asked my boss why we use KnowBe4, and he finally gave me the key to that particular company's scam.

He told me: "Well, it's not really of any value, but it's the only online training package that's quick enough and cheap enough to satisfy legal and insurance requirements. So for example, if the insurance company lowers rates if the staff is fire-hazard-aware or threatens to withhold payouts in case of a fire if they were not, we buy a training package from KnowBe4 on the risks of fire and have everybody go through it. It's cheaper to waste everybody's time for a while than risk trouble with the insurance company and it's cheaper than bringing in an actual professional to do an actual training session."

That's it. That's KnowBe4's entire business model: fake training for compliance.

My advice is this: if you work in a company that doesn't use KnowBe4, go have a drink to celebrate because you're one of the lucky ones.

[–] mwguy@infosec.pub 1 points 3 months ago (2 children)

Small tip, you can generally use the accessibility features to look at the transcript and skip ahead using that.

[–] ExtremeDullard 2 points 3 months ago (1 children)

Yeah I do that too. It's still a PITA though.
