There’s business in the basics as corporate America embraces opsec apps

KnowBe4 adoption grew by 178 percent, while LastPass and Proofpoint each grew by at least 100 percent, a new Okta report found.

New evidence suggests corporate America is embracing some of the basic cybersecurity functions that the experts have advocated for years.

In a report covering more than 5,600 customers, identity management company Okta found that three cybersecurity services ranked at the top of the list of the fastest-growing apps in corporate America. The security training platform KnowBe4, the password manager LastPass and the email security service Proofpoint landed in the top three spots, respectively, ahead of the video-conferencing service Zoom and software from Adobe.

Security incidents are expensive, after all, and it’s often much more cost-effective to train workers about opsec, safeguard their passwords and protect their emails. An unrelated Ponemon Institute report found that the average cost of a stolen record is $148, and a typical enterprise shells out $3.86 million to recover from a data breach. And the Okta report, published Thursday, provides the latest evidence corporate executives are scrambling to build cybersecurity into their applications in an attempt to avoid being victimized in the next major hack.

KnowBe4 adoption grew by 178 percent, while LastPass and Proofpoint each grew by at least 100 percent, Okta found.


Okta attributed the Florida-based KnowBe4’s explosive growth to a widespread lack of employee security training. Forty-nine percent of Okta’s respondents said they never participated in security training at work, despite numerous industry studies finding that most data breaches occur because of human error, not hackers. KnowBe4 provides simulated phishing tests, security training videos, suggestions for improving enterprise security and modules on how to avoid social engineering.

Password security practices haven’t been much better. The quick growth for LastPass seems to be the result of a belated corporate realization that employee passwords present a significant vulnerability. Nearly 40 percent of Okta’s survey respondents said they use the same two to four passwords for “almost everything,” and 10 percent admitted they use only one password.

“This bad behavior reveals a big opportunity for companies to automate their password process,” Okta reported. “[W]e see more companies turning to [multi-factor authentication] to reduce the risks that come with bad passwords and protect against costly breaches.”

Seventy percent of the companies analyzed use two to four different factors, such as Okta’s Verify service, SMS messages, Google Authenticator, Duo Security, the YubiKey, or another tool.

“When we look at the percentage of Okta customers using various factors, we see a slow but steady shift toward more secure factors (app generated codes, push authentication, and physical keys) and away from lower assurance factors like SMS and security questions,” Okta found.


Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.
