Practical advice for establishing cybersecurity awareness and accountability within workplace environments. These posts address onboarding security training, peer-to-peer reinforcement, department-specific risk education, and creating a workplace where employees actively protect sensitive data.
posts
A Single Employee Click Cost MGM Resorts $100 Million In September 2023, MGM Resorts International disclosed a devastating cyberattack that disrupted hotel operations, slot machines, and reservation systems across Las Vegas. The attack vector? A social engineering phone call. A threat actor impersonated an employee, called the IT help desk,
The Breach That Started with a Single Employee In May 2021, a single compromised password shut down Colonial Pipeline and triggered fuel shortages across the Eastern United States. The credential was tied to a legacy VPN account that lacked multi-factor authentication. One employee. One password. $4.4 million in ransom
The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a series of social engineering messages to an Uber employee, eventually convincing them to approve a multi-factor authentication push notification. That single lapse gave the attacker access to internal systems, Slack channels, and admin
The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a social engineering message to an Uber employee, pretending to be IT support. The employee handed over credentials. Within hours, the attacker had access to internal systems, the company's HackerOne vulnerability reports,
