Carl B. Johnson

vCISO and compliance expert.

https://carlbjohnson.com


Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a single phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called an employee, pretended to

Carl B. Johnson Mar 29, 2025 7 min read
Security Awareness Metrics

Security Awareness Metrics That Actually Prove ROI

In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest ever recorded. That same report found that organizations with security awareness training programs saved an average of $258,629 per breach compared to those without. Yet when

Carl B. Johnson Mar 29, 2025 8 min read
Security Awareness Training

How to Measure Security Awareness Training Effectively

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered the company's IT help desk with a single phone call. The attackers didn't exploit a zero-day vulnerability. They exploited a person. That incident should make every security leader ask a blunt question:

Carl B. Johnson Mar 29, 2025 7 min read
Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $4.88 Million Problem With a Training-Shaped Solution IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest figure ever recorded. Meanwhile, the average investment in security awareness training per employee sits somewhere between $15 and $50

Carl B. Johnson Mar 25, 2025 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2025

In February 2024, Change Healthcare — one of the largest health payment processors in the U.S. — got hit with a ransomware attack that disrupted claims processing for weeks and exposed data on roughly 100 million individuals. The root cause? Compromised credentials on a system that lacked multi-factor authentication. That'

Carl B. Johnson Mar 25, 2025 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

The Breach That Started With a Reused Password In January 2024, Microsoft disclosed that a Russian threat actor group known as Midnight Blizzard compromised executive email accounts — not through some exotic zero-day, but by password spraying a legacy test account that lacked multi-factor authentication. One overlooked account. No MFA. That'

Carl B. Johnson Mar 17, 2025 7 min read
Cybersecurity for Executives

Cybersecurity for Executives: What Boards Must Know

The CEO Who Clicked Reply In 2023, the SEC charged SolarWinds' CISO Timothy Brown for misleading investors about the company's cybersecurity practices. That action sent a shockwave through every C-suite in America. Suddenly, cybersecurity wasn't just an IT issue — it was a personal liability issue.

Carl B. Johnson Mar 17, 2025 7 min read
CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

A Single Email Cost This Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — the category that includes every CEO fraud email scam — generated adjusted losses exceeding $2.9 billion in a single year. That number has held steady as one

Carl B. Johnson Mar 05, 2025 7 min read