Protecting humans means protecting the tools humans use.
Human risk management (HRM) means reducing human-based risk, or in our particular area, human-based cybersecurity risk. Study after study has shown that, in one way or another, humans are involved in the vast majority of cybersecurity incidents.
Sometimes it is humans being tricked into making faulty security decisions by social engineering. Other times, it is making faulty choices that end up lessening security protections or accidentally sending confidential information to the wrong people. Human risk even involves maliciously-minded employees who do not have their employer’s best interests at heart – insider threat. There are myriad ways that humans are involved in making decisions and performing actions that result in cyber compromises.
Much of HRM involves training. Training in how to recognize, mitigate, and report threats (i.e., security awareness training), coaching in how to make better security decisions, and education in how to securely configure systems. Of course, using cybersecurity tools and products to prevent threats from getting to users, where they have to make critical security decisions in the first place, is even better.
KnowBe4 and its products are directly involved in all of that.
We have:
Nothing in the cybersecurity world stays the same for long. Since OpenAI’s release of ChatGPT in October 2022, the world has been involved in a huge paradigm shift from traditional computer tools to Artificial Intelligence- (AI) enabled tools. Within a few years, almost all traditional cyber tools will be converted to AI-enabled versions. Most new cyber tools will be created to be AI-enabled from the start. The cyber world has quickly become an “AI first” ecosystem.
KnowBe4 has been using AI and its precursors (like machine learning) for over 10 years!
Today, everything we do is AI first. That is because we can see that AI-enabled cybersecurity defense tools have real value. Our data shows that our customers who use our AI-enabled tools, like AIDA, are more efficient and have better outcomes.
For example, allowing AIDA to select simulated phishing templates to test employees results in two to three times more educational opportunities, and that results in real human risk reduction. We know that when our customers use AI, it results in better human decisions and actions.
KnowBe4 is also evolving to better protect the AI-enabled tools that humans use to protect themselves. As mentioned above, every traditional cybersecurity defense is being AI-enabled (again, because of better outcomes and efficiencies). Our AI agents are quickly becoming an extension of ourselves. We are only going to get more AI agents to help defend ourselves over time. How well our own AI agents do in defending us will directly impact human risk.
Many traditional everyday cyber tools we use, like browser extensions, are quickly being augmented with AI and becoming AI agents for us. We wrote about this here.
There is a decent chance that in the near future, AI agents will take over much of the way we interface with the Internet and each other over the Internet. For example, many believe the reigning days of browsers, email and websites are soon coming to an end. All those things will be quickly replaced with a personalized AI agent that runs on our devices to assist us in doing the things we used to do with separate tools. Instead of using a browser to search for something, we will just ask our AI agent to do it.
Instead of booking travel (e.g., flights, car rentals, hotels, etc.) we will just ask our AI agent to do it. Our AI agent will know our preferences. It will know that we prefer exit row seating next to the window on airplanes, specific hotel chains, mid-sized SUVs and like to scuba dive. It will know all this and automatically take care of the arrangements without being required to visit four different websites, typing in most of the same information about the trip to make it happen.
The centralized AI agent will keep our communication threads separate and informational, whether the people we are communicating with use email, SMS, WhatsApp or a phone call. No need to keep track of people or groups across separate apps. There is a decent chance that all the ways we used to communicate on the Internet (and our phones) are seen as similar to people who used to use typewriters, travel agents and carbon paper to make copies.
Hackers have always attacked what is most used and most popular. That particular fact has remained consistent throughout the decades.
Note: I first wrote about the IT security fact that hackers hacked the most popular software the most in 2009. I called it the Grimes Corollary. The only difference now is that I was just referring only to software back then, and now that corollary must be expanded to include hardware, services and sites, too.
Accordingly, any of the popular AI agents a company uses and what we use personally will become the primary targets of hacking attacks. It is guaranteed. Soon, the cybersecurity battleground will be made up of AIs, AI interfaces, AI agents and, of course, their human operators.
To that end, KnowBe4 is re-dedicating itself to protecting the AI agents that humans use to protect themselves, along with the humans. We are hard at work, creating AI defense agents that will protect your AI agents. It is a natural step for any cybersecurity organization that wants to decrease human risk. You cannot efficiently decrease human risk without also protecting the agents that the humans use for safety.
It is a slight mental shift in how we imagined ourselves working and protecting human behaviors and actions as compared to the past, but one we are wholly committed to making come true in the near future. Pretty soon, it probably will not sound like heresy to say our online lives are a combination of us and our agents.
Protecting humans and reducing human risk means protecting the tools they use to protect themselves. KnowBe4 is on it.
