Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Shadow IT

What Is Shadow IT? The Hidden Risk You Can't Ignore

In 2023, a financial services employee signed up for an unsanctioned file-sharing app using their corporate email. Within weeks, a threat actor exploited a vulnerability in that app and exfiltrated 11,000 customer records. The security team didn't even know the app existed. That's shadow IT

Carl B. Johnson May 30, 2026 5 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And those are just the ones people actually reported. If you're asking what is phishing, you're asking the

Carl B. Johnson May 30, 2026 6 min read
Social Engineering Attacks

Social Engineering Attacks: Why Humans Are the #1 Target

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered the company's IT help desk with a single phone call. The attacker impersonated an employee, convinced the help desk to reset credentials, and within hours had burrowed deep enough to deploy ransomware

Carl B. Johnson May 30, 2026 6 min read
Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Guide

In November 2023, the international law firm Allen & Overy confirmed it was hit by a LockBit ransomware attack. Weeks earlier, a midsize firm in the southeastern U.S. paid a seven-figure ransom after a threat actor encrypted every client file on its network — and the firm never made headlines

Carl B. Johnson May 29, 2026 5 min read
Dark Web

What Is the Dark Web? A Security Pro's Honest Guide

Your Employees' Passwords Are Probably Already There

In 2024, the FBI's Internet Crime Complaint Center (IC3) reported over 880,000 complaints with potential losses exceeding $12.5 billion — and a significant chunk of that activity traces back to credentials and data bought and sold on the dark

Carl B. Johnson May 29, 2026 5 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now #1 Target

Your Employees' Phones Are the Weakest Link

In March 2024, MGM Resorts was still dealing with the fallout of a social engineering attack that started with a simple phone call. But here's what most people missed in the post-incident analysis: the reconnaissance that made that attack possible

Carl B. Johnson May 29, 2026 5 min read
Fake Mail

Fake Mail: How Threat Actors Exploit Your Inbox in 2026

The $4.88 Million Problem Sitting in Your Inbox Right Now

In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — essentially sophisticated fake mail — cost victims over $2.9 billion in a single year. That wasn't a spike. It was a trend.

Carl B. Johnson May 28, 2026 5 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Defenses That Work in 2026

In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was hit by a ransomware attack that disrupted pharmacy operations, delayed patient care, and ultimately cost UnitedHealth Group an estimated $872 million in the first quarter alone. The attack vector? Stolen credentials and the

Carl B. Johnson May 28, 2026 5 min read