Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

KnowBe4: Users Gonna Click, KnowBe4’s Got Your Back

Truth in IT
05/09/2025
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


Hi Mike Matchett with Small World Big Data. We are here at RSAC 2025 talking all the latest and greatest cybersecurity vendors. We are here with KnowBe4, which you've probably heard of. Uh, tell us a little bit, Roger, what does KnowBe4 really focus on in cybersecurity? I know it has something to do with social phishing and the rest of it. How would you say it? Uh, human risk management trying to decrease cybersecurity risk. That's due to humans. So a big part of that is security awareness training, where you're trying to help people recognize and avoid being scammed. That's a piece of it. Uh, coaching them, nudging them to make the right security decisions. Uh, part of our thing even involves, uh, addressing inbound email and outbound email to see if it has signs of phishing. And we tag that email to tell the users, hey, this is external. Seems to have a weird link in. It seems to have a QR code. These are things that could be, you know, a high risk. So really focusing on US cyber security risk around the humans. Let me say that 70 to 90% of data breaches involve some sort of social engineering. So it's the most important part you can do. Yeah, and I know everyone says we should put everything to the AI, which has been trained on all that human stuff, but I'm not sure automating human intelligence is going to get us all that at the end of the day. It's interesting, though, that the human human, everyone wants a human in the loop, though still. But humans are a lot of the problem with security. Um, what? How do you do training? How do you think about training somebody to be more secure? What's sort of the overall approach to getting people into a security mindset all the time? And by the way, we don't call it humans. The big problem. We say they can be the best part of your defense. But certainly, I mean, a big part of it is they even if they're aware of something, they may not care. Uh, you know, really what you're trying to do is influence human behavior and really culture throughout the organization so that everybody's kind of in this, hey, I'm going to have a healthy level of skepticism. A new message comes in asking me to do something that I've never done before that, you know, we're trying to encourage them to see that as a sign of a high risk message. Make sure that you research it. Use an alternative method outside the message before you perform it. We all get messages from our boss going, hey, I need you to do this, do that. But what we're saying is, if the message is unexpected, no matter how it comes, even if it's in person, you do something you've never done before. Slow down. Be mindful. Research a little bit before you perform it. That's a big part. But it's also, again, even putting the tools and the policy things, making policies harder for someone to take be taken advantage of. Like if you have a policy that says, hey, never pay an invoice that doesn't have, you know, an order with it. Uh, you don't want to circumvent the system, you can get in trouble. Or another policy could be make sure you lock your desktop before you whenever you leave it. Uh, never give your password out to someone calling you so you can create policies that help reduce risk? Then you have your technical tools that would be like your email scanners, your endpoint detection and stuff. And then you have the human component. And again it's a it's a huge thing. Think about it. 70 to 90% of successful attacks involve social engineering that have made it around every policy and technical defense you have. So you got to do it. All right. Look around here at the RSA conference. There's 25,000 people here. There's some common themes going on. What would you say you've been hearing and how KnowBe4 can help people with that? Yeah, certainly AI is a big deal. And what I would tell people, like so many companies, agentic autonomous Agentic AI and certainly we're big believers in that all of our stuff is agentic AI. First, we've been doing AI for seven years, but I would say make sure you're concentrating on features not, you know, if you give me a good feature that's doing something better and reducing cybersecurity risk better for me, I don't care if it's autonomous agentic AI or if it's a basic if then statement, right? Focus on the feature. But I do think you're going to see a I and I start to provide value, like we have an AI agent that helps pick the phishing templates, simulated phishing templates. And we know that if you allow our AI to do it versus the human admin, it's 17% more effective at tricking people, which sounds like a bad thing, but you're making them fellow phishing test. But that then allows you to give an additional educational opportunity. So we don't see it. We're like, oh, that allows you to educate people 17% more, and I think you're going to see a lot more of that where the Agentic AI is going to start providing real value, real decrease in cybersecurity risk. But, you know, it's funny, I hear I agentic I sometimes I want to just run away and scream. Yeah. Me too. Like I try not to say agentic ai too many times. But I just say so concentrate on the feature set and if someone tells you, oh, we've got agentic ai go. Okay, tell me what that's really giving me over what you had before. Yeah. So I understand that you are a not understand. I know you're a famous author. You've written lots of books on things. What's your what's your latest thing? My latest book I've written 15 working on my 16th and 17th one, but my latest one is called Taming the Hacker Storm a framework for Defeating Hackers and Malware. It literally I wanted to title it How you Fix all of Internet Security. It has a solution that, if followed, would significantly diminish the amount of hacking and malware on the internet. And I've been presenting it to all kinds of colleges and universities. Mit, I sent it to Cisa. Most of the people have seen it, have liked it and said, yeah, that would work. But, you know, it's funny. If implemented, it would probably work to significantly decrease hacking and malware. But you can't get people around your dinner table to agree to do anything. It's really tough to do that in a global world where people have and agencies of all sorts of other motivations, but I'm hoping to I've got about ten years. I'm 58, got about ten years before I retire, and I'm hoping that literally my life's goal is to fix internet security. And if I do it, my career will have been worth it. And if not, it will have been an utter failure. I'm not here to fix the little problems. I'm here to fix the big problems. You know, it does sound like you could put those concepts together and build a Roger Grimes Agentic AI to carry on your legacy and carry that carry that agenda forward. So let's just finish up a little bit. If someone wants to know a little bit more about KnowBe4, particularly if they're in this kind of crowd full of CISOs and the rest of it. Where would you have them start looking into stuff? Knowbe4. Com. We have a lot of information on there for CISOs to everyone on down. Or if someone wants to email me I'm Roger g r o g e r g@knowbe4.com. If you have a question you want to get some information. Certainly we can I can get that to you. All right. Thank you so much, Roger. It was a pleasure to meet you. Thank you. Take care folks.

Mike Matchett chats with Roger Grimes of KnowBe4 about tackling cybersecurity’s oldest problem: people. KnowBe4’s human risk management platform goes beyond awareness training to influence behavior, build skepticism, and shape a security-minded culture. From phishing simulations to real-time coaching and inbound email tagging, KnowBe4 helps users spot scams and take smarter actions. With social engineering behind 70–90% of attacks, KnowBe4’s people-first strategy is still one of the most effective defenses in the security stack.

Categories:
  • » Small World Big Data
  • » Cybersecurity
Channels:
  • Mike Matchett: Small World Big Data
News:
Events:
Tags:
  • rsac2025
  • matchett
  • cybersecurity
  • knowbe4
  • security
  • awareness
  • phishing
  • prevention
  • human
  • risk
  • management
  • social
  • engineering
  • email
  • security
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: KnowBe4: Users Gonna Click, KnowBe4’s Got Your Back

              Upcoming Webinar Calendar

              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                14

                Crafting a Championship-Worthy Security Team for Unmatched Defense

                07/14/202601:00 PM ET
                • Jul
                  14

                  Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                  07/14/202602:00 PM ET
                  • Jul
                    21

                    Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                    07/21/202604:00 AM ET
                    • Jul
                      22

                      Insights and Strategies for Effective Data Privacy and Protection

                      07/22/202606:30 AM ET
                      • Jul
                        22

                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                        07/22/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version