Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

Roger Grimes

Roger Grimes
Roger A. Grimes is a Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with the world’s largest and smallest companies, and militaries, and he has seen what does and doesn’t work. Grimes was a weekly security columnist for InfoWorld and CSO magazines from 2005 - 2019. He regularly presents at national computer security conferences, and has been interviewed by national magazines and radio shows, including Newsweek magazine and NPR’s All Things Considered. Roger is known for his often contrarian, fact-filled viewpoints.
Find me on:
 

Recent Posts

When the URL Domain Is Not Enough To Avoid a Phish

Aug 31, 2021 2:44:06 PM By Roger Grimes
One of the most common mantras in security awareness training is “Examine the URL to determine if it points to the legitimate vendor or not!”
Continue Reading

How to Defeat REvil Ransomware

Jul 9, 2021 11:04:06 AM By Roger Grimes
The REvil ransomware gang is in the news again! This time for a supply chain attack and the largest public extortion demand ever – $70 million dollars.
Continue Reading

Turning Compliance Into Tangible Security

Jun 23, 2021 1:44:50 PM By Roger Grimes
Compliance and security are supposedly about risk management. Both seek to reduce the chances that threats and their risks will be able to successfully exploit a target. But they are ...
Continue Reading

Understanding Ransomware’s True Costs

Jun 18, 2021 8:00:00 AM By Roger Grimes
We all know ransomware is pretty bad, but if you are a cybersecurity risk manager trying to justify the latest purchase to mitigate it, nailing down real numbers can be pretty hard. There ...
Continue Reading

The Future Of Ransomware

Jun 8, 2021 1:27:07 PM By Roger Grimes
Ransomware is pretty bad right now. It is taking down nearly any company and industry it can, targeting healthcare, energy infrastructure, and food supplies with equal aplomb. It takes ...
Continue Reading

Everyone Has It Wrong. It Is Not Double Extortion, It Is Quintuple Extortion!

Jun 3, 2021 2:12:53 PM By Roger Grimes
I keep seeing a new ransomware term, “double extortion” being discussed. It is the hot, new buzzword surrounding ransomware. This term attempts to summarize how ransomware is no longer ...
Continue Reading

Cybersecurity Insurance Landscape Is Fundamentally Changing Right Now

May 26, 2021 8:36:48 AM By Roger Grimes
By Roger Grimes. Ransomware is stealing so much money and interrupting so many businesses that it might be the beginning of their undoing. It is certainly radically changing the ...
Continue Reading

More Targeted Phishing Attacks Are Coming!

May 24, 2021 9:40:11 AM By Roger Grimes
I have been in the cybersecurity business for 34 years. I am not an innately brilliant, but one of the things I seem to do well is to spot trends as they happen early in their cycle. It ...
Continue Reading

Paying the Ransom Is Not Just About Decryption

May 14, 2021 1:02:38 PM By Roger Grimes
I just read that a well-known pipeline company paid $5M to the ransomware hacker group. And despite that, they are still having to use their backups because the decryption process is too ...
Continue Reading

Your Organization Needs to Take Security Awareness Training More Seriously

May 11, 2021 4:08:50 PM By Roger Grimes
Your organization needs to take security awareness training (SAT) more seriously. I mean truly serious, really serious, and not relegated to some quasi-, semi-serious status that the vast ...
Continue Reading

Why Should We Care About Personal Smishing Attacks?

Apr 29, 2021 10:33:34 AM By Roger Grimes
I am not sure what is going on these days, but for several weeks, I have received far more SMS-based phishing (i.e., smishing) attacks than usual.
Continue Reading

There Is No Herd Immunity in the Digital World

Mar 30, 2021 4:31:46 PM By Roger Grimes
When I was first starting off in my career, I wanted to be a doctor. As life often goes, I got waylaid. Wanting to be a doctor turned in an accounting major and CPA certification, quickly ...
Continue Reading

Forensically Investigating Phishing To Better Protect Your Organization

Mar 25, 2021 11:37:24 AM By Roger Grimes
The single best thing you can do to reduce cybersecurity risk in your environment is to prevent and mitigate social engineering – phishing in particular. The first and best thing any IT ...
Continue Reading

Many Ways To Hack MFA

Mar 22, 2021 10:35:56 AM By Roger Grimes
I have spent a lot of time thinking about how to hack multifactor authentication (MFA) solutions. I have done so my whole career, deploying dozens, if not hundreds, of MFA projects. Also, ...
Continue Reading

Make No Mistake, This Changes Everything: Nation-State 2.0

Mar 17, 2021 8:00:00 AM By Roger Grimes
Every organization needs to figure out their increased cyber risk from nation-state warfare attacks and deploy mitigations.
Continue Reading

6 Advanced Email Phishing Attacks

Mar 16, 2021 10:32:51 AM By Roger Grimes
No matter how good your policies and technical defenses are, some amount of phishing will get to your end users in a given month. They must be trained to recognize social engineering ...
Continue Reading

The Good, the Bad, and the Ugly About MFA

Mar 8, 2021 11:48:24 AM By Roger Grimes
I have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of ...
Continue Reading

Caught by a CAPTCHA?

Feb 15, 2021 3:15:42 PM By Roger Grimes
Be aware of being involved in malicious CAPTCHA solving.
Continue Reading

It’s Not Only About the URL

Feb 11, 2021 3:01:41 PM By Roger Grimes
You have to look at the totality of an email to determine whether it is a phishing attack or not.
Continue Reading

The Three Best Things You Can Do To Improve Your Computer Security

Feb 9, 2021 7:48:35 AM By Roger Grimes
The three best things you can do to improve your computer security, bar anything, have been the same three things you should have already been doing for the entirety of computers. The top ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews