Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost MGM Resorts $100 Million

In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and gained access to the company's entire network. The result: over $100 million in losses, days of disrupted operations,

Carl B. Johnson May 03, 2026 6 min read

Phishing

Phishing Attacks in 2026: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Lands You Here

Here's something I find fascinating — "phising" is one of the most commonly misspelled cybersecurity terms on the internet. If you searched for it, you're in exactly the right place. Phishing (with the

Carl B. Johnson May 02, 2026 6 min read

Cyber Security

Cyber Security in 2026: What Actually Works Now

The Breach That Changed How I Think About Cyber Security

In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for millions of Americans. UnitedHealth Group confirmed paying a $22 million ransom. The attack vector? Stolen credentials on a system that lacked multi-factor authentication. One missing

Carl B. Johnson May 02, 2026 5 min read

NIST Standards

NIST Standards: What Actually Matters for Your Security

800 Pages of Security Guidance — and Most Teams Read None of It

In 2023, the MOVEit Transfer breach compromised data from over 2,600 organizations worldwide. Many of those organizations claimed compliance with major frameworks. The problem wasn't that NIST standards didn't cover the vulnerability class

Carl B. Johnson May 01, 2026 5 min read

Shadow IT

What Is Shadow IT? The Hidden Risk Draining Your Security

Your Employees Are Building a Second Network You Can't See

A marketing manager signs up for an AI writing tool using her corporate email. A developer spins up an AWS instance on a personal account to test code faster. A sales rep stores client contracts in a personal

Carl B. Johnson May 01, 2026 5 min read

Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

A Poster on the Breakroom Wall Never Stopped a Breach

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state malware. Just a phone call.

Carl B. Johnson Apr 30, 2026 5 min read

Data Breach

What Causes a Data Breach: 7 Root Causes in 2026

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state tooling. Just a phone call. If you want to understand what causes a data breach,

Carl B. Johnson Apr 30, 2026 5 min read

What Is Cybersecurity

What Is Cybersecurity? A Practitioner's Real-World Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a ten-minute phone call. That single conversation gave attackers the keys to slot machines, hotel room systems, and customer data across an entire casino empire. If

Carl B. Johnson Apr 30, 2026 5 min read

Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past an IT help desk — with a single phone call. That one interaction led to a ransomware attack that shut down slot machines, hotel check-ins, and digital key cards across Las

Carl B. Johnson Apr 29, 2026 5 min read