Computer Security News and Insights
In 2020, a mid-sized healthcare provider invested $250,000 in a security awareness program. Twelve months later, the CISO couldn't answer one question from the board: "Is it working?" No baseline measurements. No tracking. No defensible data. That CISO is now updating a résumé. I'
In March 2021, a single employee at a water treatment plant in Oldsmar, Florida clicked through a remote access session that could have poisoned a city's water supply. The attacker gained entry through a shared TeamViewer password — no phishing email required. The incident raised a question that boardrooms
A $150 Investment vs. a $4.24 Million Breach In March 2021, CNA Financial — one of the largest insurance companies in the U.S. — paid a reported $40 million ransom after a ransomware attack that started with a single employee interaction. That's not a typo. Forty million dollars
In March 2021, a single compromised password led to the Colonial Pipeline ransomware attack that shut down fuel delivery across the U.S. East Coast. The account didn't even have multi-factor authentication enabled. That's not a sophisticated nation-state exploit — that's a basic cyber hygiene
When Colonial Pipeline paid $4.4 million in ransom in May 2021, investigators traced the initial compromise back to a single compromised VPN credential — one that didn't have multi-factor authentication enabled. That's not a sophisticated nation-state exploit. That's a basic hygiene failure. And it
When Colonial Pipeline's CEO Joseph Blount testified before the Senate in June 2021, he admitted the company paid $4.4 million in ransom after a single compromised password shut down the largest fuel pipeline in the United States. No multi-factor authentication. No segmentation between IT and operational technology.
The SolarWinds Wake-Up Call for Every Boardroom When the SolarWinds breach came to light in December 2020, it didn't just compromise 18,000 organizations including multiple U.S. federal agencies. It put a spotlight on something security professionals have been shouting about for years: boards of directors are
In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — generated $1.8 billion in reported losses in 2020 alone. That made it the single most financially damaging cybercrime category in the entire IC3 report,
A Single Email Cost This Company $47 Million In 2020, the co-founder of an Australian hedge fund received what appeared to be a routine Zoom meeting invitation. He clicked it. Threat actors gained access to the fund's email system, planted fake invoices, and redirected $8.7 million in
The Attack That Hit 18,000 Organizations at Once In December 2020, security firm FireEye disclosed that it had been breached — and that the attack vector traced back to a routine software update from SolarWinds, a trusted IT management vendor. Within days, the scope became staggering: up to 18,000
