Roger Grimes

Data-Driven Defense Evangelist

Roger A. Grimes is Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences, and is known for his often contrarian, fact-filled viewpoints.

Request This Speaker

On-Demand Webinars

See All KnowBe4 Webinars

Books

Find all of Roger's books on Amazon

Next Week is World Password Day!

Apr 26, 2024 8:20:19 AM By Roger Grimes

May 2nd is World Password Day. Despite the computer industry telling us for decades that our passwords will soon be gone, we now have more than ever!

You Really Are Being Surveilled All the Time

Apr 15, 2024 3:56:30 PM By Roger Grimes

“If the product is free, you are the product!” No truer words have ever been spoken. But in today’s internet-connected, ad-everywhere world, even if you are paying for the product or ...

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

Apr 9, 2024 2:05:26 PM By Roger Grimes

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity.

Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report

Mar 21, 2024 11:37:14 AM By Roger Grimes

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful ...

CISA Recommends Continuous Cybersecurity Training

Mar 21, 2024 8:37:04 AM By Roger Grimes

In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity ...

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Mar 15, 2024 10:32:57 AM By Roger Grimes

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close.

How Much Will AI Help Cybercriminals?

Mar 12, 2024 9:27:29 AM By Roger Grimes

Do not forget, AI-enabled technologies, like KnowBe4’s Artificial Intelligence Defense Agents (AIDA), will make defenses increasingly better.

Three Essential Truths Every CISO Should Know To Guide Their Career

Mar 11, 2024 9:11:56 AM By Roger Grimes

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.

Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks

Mar 5, 2024 6:45:26 AM By Roger Grimes

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does ...

Game-Changer: Biometric-Stealing Malware

Feb 28, 2024 2:25:55 PM By Roger Grimes

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...

Credential Theft Is Mostly Due To Phishing

Feb 28, 2024 12:21:10 PM By Roger Grimes

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...

Anyone Can Be Scammed and Phished, With Examples

Feb 21, 2024 3:23:29 PM By Roger Grimes

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe ...

Hard Lessons From Romance Scams

Feb 12, 2024 10:32:16 AM By Roger Grimes

Seeing as this week is Valentine’s Day, I should have written something about rom coms, true love, and trusting your heart more. But this is not one of those posts. This post is about ...

Calculating Materiality for SEC Rule 1.05

Feb 9, 2024 12:03:21 PM By Roger Grimes

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches ...

Cybersecurity Resiliency and Your Board of Directors

Feb 8, 2024 2:41:03 PM By Roger Grimes

Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors ...

AI Does Not Scare Me, But It Will Make The Problem Of Social Engineering Much Worse

Jan 22, 2024 2:05:54 PM By Roger Grimes

I am not scared of AI. What I mean is that I do not think AI is going to kill humanity Terminator-style. I think AI is going to be responsible for more cybercrime and more realistic ...

Beware of "Get to Know Me" Surveys

Jan 11, 2024 1:46:46 PM By Roger Grimes

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always ...

Beyond the Scams: Unraveling the Dark Tactics of Real-World Kidnapping Scams and Virtual Extortion

Jan 10, 2024 2:53:03 PM By Roger Grimes

The world can be a scary and dangerous place. Its unethical scammers have no problem doing almost anything to make a buck, but sometimes, their plots seem to be extra messed up.

Beware of Fraudulent Charge Messages

Jan 5, 2024 1:19:09 PM By Roger Grimes

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card.

A Dream Team Security Awareness Training Program?

Jan 2, 2024 1:29:27 PM By Roger Grimes

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit by more frequent security awareness ...

Security Awareness Training Blog

View Topics