Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Defense Guide

Why Threat Actors Love Targeting Law Firms In February 2021, the law firm Jones Day confirmed that hackers had stolen confidential client data through a vulnerability in Accellion's file-transfer appliance. Sensitive case documents, including those related to major corporate litigation, ended up on the Clop ransomware gang'

Carl B. Johnson Jan 01, 2022 7 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Practical Defense Guide

The Blackbaud Breach Should Have Been a Wake-Up Call In May 2020, a ransomware attack hit Blackbaud — one of the largest cloud computing providers serving nonprofits, hospitals, and universities. The breach exposed donor records, financial data, and Social Security numbers belonging to millions of people across hundreds of organizations. Blackbaud

Carl B. Johnson Jan 01, 2022 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Checkbox Left Unchecked Cost Capital One $80 Million In 2019, a former AWS employee exploited a misconfigured web application firewall to access over 100 million Capital One customer records. The breach led to an FTC investigation, an $80 million fine from the OCC, and a $190 million class-action

Carl B. Johnson Jan 01, 2022 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical 2021 Guide

The Misconfiguration That Exposed 3.8 Billion Records In June 2021, researchers discovered an unsecured Elasticsearch instance containing 3.8 billion records — names, emails, phone numbers, and social media profiles compiled from scraped and breached data. It sat wide open on the internet. No password. No access controls. Just a

Carl B. Johnson Dec 23, 2021 7 min read
Shadow IT Risks

Shadow IT Risks: The Threats Hiding in Your Network

Your Employees Are Building a Second Network — And You Can't See It In March 2021, a vulnerability in Microsoft Exchange Server sent security teams scrambling. But here's what didn't make the headlines: many organizations discovered Exchange instances they didn't even know existed.

Carl B. Johnson Dec 23, 2021 8 min read
Mobile Device Security Policy

Mobile Device Security Policy: A Practical Guide

In April 2021, the FBI's IC3 reported a sharp rise in mobile-focused phishing attacks — schemes specifically designed to exploit the smaller screens and always-on nature of smartphones. I've watched organizations pour millions into securing their perimeters while ignoring the devices employees actually use the most. The

Carl B. Johnson Dec 22, 2021 7 min read
BYOD Security Risks

BYOD Security Risks: What Your Policy Is Missing

A Single Employee's Phone Just Cost This Company Everything In August 2021, T-Mobile confirmed a massive data breach affecting over 50 million people. While the full attack chain was complex, the reality is that personal devices connecting to corporate environments create attack surfaces that most IT teams drastically

Carl B. Johnson Dec 22, 2021 7 min read