Computer Security News and Insights
A Fortune 500 Company Got Breached by a Phone Call In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The result? Over $100 million in losses, days of operational chaos, and a stock
When the SEC fined SolarWinds' CISO for misleading investors about cybersecurity practices, it sent a shockwave through every security department in America. The message was unmistakable: vague assurances about security posture aren't enough anymore. Boards, regulators, and cyber insurers now demand evidence. That's why security
Your Training Program Is Worthless Without Proof In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to the help desk. The company almost certainly had a security awareness program in place. So did Caesars Entertainment, which paid a
A 45-Minute Training Video Never Stopped a Breach In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a phone call to the help desk. The attacker didn't exploit a zero-day vulnerability. They exploited a human. And I guarantee every employee
A $4.88 Million Average — and a Training Budget That's a Fraction of That IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. That same report found that organizations with high levels of security training and awareness
A Single Reused Password Cost One Company Everything In 2021, the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast. The entry point? A single compromised password on a legacy VPN account that lacked multi-factor authentication. That's not a sophisticated nation-state exploit. That&
A $4.88 Million Problem With a Simple Fix IBM's 2024 Cost of a Data Breach Report pegged the global average cost of a breach at $4.88 million. That number keeps climbing. But here's the part that should keep you up at night: the Verizon
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered an IT help desk with a ten-minute phone call. No zero-day exploit. No nation-state tooling. Just sloppy basics. That breach — and hundreds like it every year — could have been prevented with a disciplined
The CEO Who Clicked the Link In 2024, the SEC charged SolarWinds' CISO with fraud for misleading investors about the company's cybersecurity posture. That case sent a clear message: cybersecurity accountability now sits in the executive suite, not just the IT department. If you're a
The SEC Just Made Ignorance Expensive In July 2023, the SEC finalized rules requiring public companies to disclose material cybersecurity incidents within four business days — and to describe their board's oversight of cyber risk annually. That single regulatory move turned board-level cybersecurity awareness from a nice-to-have into a
