Roger Grimes

Data-Driven Defense Evangelist

Roger A. Grimes is Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences, and is known for his often contrarian, fact-filled viewpoints.

Request This Speaker

On-Demand Webinars

See All KnowBe4 Webinars

Books

Find all of Roger's books on Amazon

Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

May 16, 2024 12:54:01 PM By Roger Grimes

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.

Google’s Multi-Party Approval Process Is Great, but Not Unphishable

May 10, 2024 1:49:20 PM By Roger Grimes

Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google ...

Is RogerLovesTaco$24 a Strong Password?

May 2, 2024 3:32:01 PM By Roger Grimes

Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this.

The Art of Huh?

Apr 29, 2024 2:03:05 PM By Roger Grimes

One of the best things you can teach yourself, your family, and your organization is how to recognize the common signs of phishing and how to mitigate and appropriately report it.

Next Week is World Password Day!

Apr 26, 2024 8:20:19 AM By Roger Grimes

May 2nd is World Password Day. Despite the computer industry telling us for decades that our passwords will soon be gone, we now have more than ever!

You Really Are Being Surveilled All the Time

Apr 15, 2024 3:56:30 PM By Roger Grimes

“If the product is free, you are the product!” No truer words have ever been spoken. But in today’s internet-connected, ad-everywhere world, even if you are paying for the product or ...

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

Apr 9, 2024 2:05:26 PM By Roger Grimes

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity.

Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report

Mar 21, 2024 11:37:14 AM By Roger Grimes

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful ...

CISA Recommends Continuous Cybersecurity Training

Mar 21, 2024 8:37:04 AM By Roger Grimes

In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity ...

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Mar 15, 2024 10:32:57 AM By Roger Grimes

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close.

How Much Will AI Help Cybercriminals?

Mar 12, 2024 9:27:29 AM By Roger Grimes

Do not forget, AI-enabled technologies, like KnowBe4’s Artificial Intelligence Defense Agents (AIDA), will make defenses increasingly better.

Three Essential Truths Every CISO Should Know To Guide Their Career

Mar 11, 2024 9:11:56 AM By Roger Grimes

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.

Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks

Mar 5, 2024 6:45:26 AM By Roger Grimes

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does ...

Game-Changer: Biometric-Stealing Malware

Feb 28, 2024 2:25:55 PM By Roger Grimes

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...

Credential Theft Is Mostly Due To Phishing

Feb 28, 2024 12:21:10 PM By Roger Grimes

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...

Anyone Can Be Scammed and Phished, With Examples

Feb 21, 2024 3:23:29 PM By Roger Grimes

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe ...

Hard Lessons From Romance Scams

Feb 12, 2024 10:32:16 AM By Roger Grimes

Seeing as this week is Valentine’s Day, I should have written something about rom coms, true love, and trusting your heart more. But this is not one of those posts. This post is about ...

Calculating Materiality for SEC Rule 1.05

Feb 9, 2024 12:03:21 PM By Roger Grimes

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches ...

Cybersecurity Resiliency and Your Board of Directors

Feb 8, 2024 2:41:03 PM By Roger Grimes

Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors ...

AI Does Not Scare Me, But It Will Make The Problem Of Social Engineering Much Worse

Jan 22, 2024 2:05:54 PM By Roger Grimes

I am not scared of AI. What I mean is that I do not think AI is going to kill humanity Terminator-style. I think AI is going to be responsible for more cybercrime and more realistic ...

Security Awareness Training Blog

View Topics