Cybersecurity daily news

MSSP Market Update: KnowBe4 Research Says Security Awareness Training Works

Presentation, training and coaching with a business woman talking to an audience during a workshop. Convention, speech and teaching with a female speaker giving a seminar to a group of employees.

Does security awareness training (SAT) really work?

KnowBe4 wanted to find out, so they commissioned some research. In a new white paper, KnowBe4 combined information on over 17,500 data breaches from the Privacy Rights Clearinghouse database along with KnowBe4's customer data to determine the effectiveness of security awareness training (SAT) in reducing data breaches. 

Turns out, it does make a difference.

Organizations with effective SAT programs are 8.3 times less likely to appear on public data breach lists annually compared to general statistics, according to the research. A whopping 97.6% of KnowBe4's current U.S. customers have not suffered a public data breach since 2005, and 73% of breaches involving current KnowBe4 customers occurred before they implemented the company's SAT program.

The full white paper, "Effective Security Awareness Training Really Does Reduce Breaches," can be downloaded here.

Now, here's today's MSSP update. Drop me a line at [email protected] if you have news to share or want to say hi!

Today's MSSP Update

1. Commvault launches backup and recovery for AD: Commvault this week launched Commvault Cloud Backup & Recovery for Active Directory Enterprise Edition. The new offering enabling automated, rapid recovery of the Active Directory forest, which includes users, groups, permissions, and domain controllers across the organization. This new offering eliminates slow and error-prone manual processes often associated with Active Directory forest recoveries.

2. RIIG names Marvin 'Ben' Haiman to advisory board: Cybersecurity solutions provider RIIG has named Marvin 'Ben' Haiman to the company's advisory board. Currently, Haiman is the Executive Director for the Center for Public Safety and Justice at the University of Virginia and an Assistant Professor. He is also a Visiting Fellow and Research Scholar with Rutgers University. In addition, Haiman served as the Chief of Staff for the Metropolitan Police Department of Washington, D.C. where he oversaw daily operations of the Executive Office of the Chief of Police and was responsible for broad agency management and implementing strategic agency objectives. Previously, Haiman served as Director for the Homeland Security Advisory Council for the United States Department of Homeland Security, where he established several key task forces for the Secretary (e.g., Foreign Fighters, Integrity & Use of Force).

3. BlackFog, Carahsoft partner to prevent ransomware: Ransomware protection solutions firm BlackFog and government IT solutions provider Carahsoft Technology Corp. announced a partnership to enhance ransomware protection in the public sector, the companies said. Carahsoft will serve as BlackFog’s Master Government Aggregator, making the company’s AI-based ransomware prevention solution available to government agencies through Carahsoft’s reseller partners and NASA Solutions.

4. AppOmni announces compliance checks for CISA BOD 25-01: AppOmni has announced SaaS security compliance checks for CISA BOD 25-01, the mandate requiring federal government agencies to properly secure their cloud applications, starting with Microsoft 365. The company is also providing a free Secure Cloud Business Applications (SCuBA) compliance assessment to all public and private sector organizations.

5. Nominet hack blamed on Ivanti VPN zero-day: Official .UK domain registry Nominet had its network compromised in an attack exploiting an Ivanti VPN zero-day flaw earlier this month, reports BleepingComputer. The incident is still under investigation, but Nominet, which is among the major country code registries, said it hadn't determined any proof of backdoor injections. Active exploitation of the Connect Secure zero-day, tracked as CVE-2025-0282, was confirmed by Ivanti last week. Initial intrusions targeting Ivanti Connect Secure appliances impacted by CVE-2025-0282 facilitated the Spawn malware toolkit associated with the China-nexus cyberespionage operation UNC5337 before deploying the newly emergent Phasejam and Dryhook payloads, according to Mandiant researchers.

Sharon Florentine

Sharon manages day-to-day content on ChannelE2E and serves as senior managing editor for CyberRisk Alliance’s Channel Brands. She also covers enterprise-class technology companies, strategic alliances and channel partner strategies. Sharon is a veteran tech journalist and editor with more than 25 years experience in the industry, and has previously held key editorial, content and leadership positions at Techstrong Group, CIO.com, Ziff Davis Enterprise and CRN.

You can skip this ad in 5 seconds