Step-by-step guidance on creating a cybersecurity culture from the ground up. Posts cover executive buy-in strategies, communication plans, training rollout approaches, and techniques for embedding security-first thinking into organizational workflows and decision-making.
posts
A Poster on the Breakroom Wall Never Stopped a Breach In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state malware. Just a phone call.
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a single phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called an employee, pretended to
In January 2023, T-Mobile disclosed that a threat actor had stolen data on roughly 37 million customer accounts by exploiting a single API vulnerability. But here's what most people missed in the headlines — the breach went undetected for over a month. That's not just a technology
A $4.24 Million Wake-Up Call IBM's 2021 Cost of a Data Breach Report found the average breach now costs $4.24 million — the highest in the report's 17-year history. But here's the number that keeps me up at night: 85% of breaches involved
A Fortune 500 Company Got Breached by a Phone Call In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The result? Over $100 million in losses, days of operational chaos, and a stock
The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a push notification to an Uber contractor's phone — over and over, for more than an hour. The contractor eventually approved the multi-factor authentication request just to make it stop. That single moment
