Even as cybersecurity becomes ever more high-tech, KnowBe4 Inc. knows that companies cannot stay completely secure unless all the humans are on board as well.

About 70 to 90 percent of data breaches come down to some level of human involvement, according to Perry Carpenter (pictured), chief human risk management strategist at KnowBe4, which helps organizations reinforce their human firewall and build a stronger security culture.

“To really make a difference with all the data breaches that we’re seeing, awareness is not and it has never been enough,” he said. “How many people that are good, well-intentioned people have already forgotten or discarded all of their New Year’s resolutions? Human risk management is all about understanding human nature at its core, and building programs [that] … work with human nature rather than against it.”

Carpenter spoke with theCUBE Research’s Christophe Bertrand at the Cyber Resiliency Summit, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed KnowBe4’s human-centric cybersecurity strategies, combining training, simulations and AI to address human risk and strengthen organizational defenses. (* Disclosure below.)

KnowBe4’s strategy for cybersecurity training

As online content has become extremely targeted, so has phishing, which is why Carpenter believes it is critical to build trust between the security team and employees. KnowBe4 is a learning management platform that supports cybersecurity awareness training for their customers’ staff.

“We typically put all of our faith and hope in technology to save us,” Carpenter said. “What we have to realize is that technology, yes, may be part of the answer, but we do have to work at behavior. We have to think about culture, we have to think about social pressures [and] social dynamics. Then, you have to build programs that address those fundamental human-based risks.”

KnowBe4 has a three-pronged strategy, starting with outreach to employees, followed by training and simulations, and lastly, adaptive and learner-dependent tools. This strategy falls under the umbrella of human resource management and is called HRM+. It incorporates automation into employee training and management.

“The fundamental thing about training and simulations is that it is participatory,” Carpenter said. “Simulated phishing tests are a very good example of that. But a tabletop exercise could be an augmented or virtual reality game. The last [circle] is … that real-time adaptive, learner-dependent, or learner-aware bucket where you’re always doing something that is very individual.”

Artificial intelligence can give a boost to cybercriminals who might not be particularly skilled otherwise, according to Carpenter, who calls AI a “double-sided coin” that can execute all types of human scams faster and easier than ever before. However, KnowBe4 has also employed AI as part of its defense. The company released four AI agents recently and plans to release more in 2025.

“We have a program, a set of what we call artificial intelligence defense agents,” Carpenter said. “We have AI based targeting for training that is individualized to users. We have it to where you can upload your own policies and quiz people on the policies using generative AI systems and create question sets and scenarios that they can place the learner in.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of the Cyber Resiliency Summit:

(* Disclosure: KnowBe4 Inc. sponsored this segment of theCUBE. Neither KnowBe4 nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE