Tag

Credential Theft Prevention

Addresses the tactics attackers use to steal login credentials and the countermeasures organizations can deploy. Topics include multi-factor authentication, credential monitoring, dark web surveillance, secure authentication protocols, and employee awareness training.

posts

Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

One Reused Password Cost This Company $10 Million In 2024, the Snowflake customer breach wave compromised over 165 organizations — including Ticketmaster and AT&T — because attackers used stolen credentials harvested from infostealer malware. The common thread? Employees reusing passwords across personal and corporate accounts with no password manager in

Carl B. Johnson Jul 10, 2026 5 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

The Click That Cost One Company $47 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a single social engineering phone call that led to credential theft. The resulting breach caused an estimated $100 million in damages. And it started with

Carl B. Johnson Jul 01, 2026 5 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Actually Means for Your Security Team When the band Phish takes the stage, they never play the same setlist twice. Every show is crafted for the audience. Your phishing simulation program should work the same way. A phish setlist — a curated, rotating collection of phishing attack

Carl B. Johnson Jun 28, 2026 5 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

The Breach That Proved "Trust But Verify" Was a Lie In 2020, a threat actor compromised SolarWinds' Orion software update mechanism and silently infiltrated over 18,000 organizations — including multiple U.S. federal agencies and Fortune 500 companies. The attackers didn't blast through firewalls. They

Carl B. Johnson Jun 25, 2026 6 min read
Insider Threats

How to Prevent Insider Threats Before They Cost Millions

In 2022, a former employee at Cash App's parent company, Block, downloaded reports containing the personal information of 8.2 million customers — months after they'd left the company. Their access had never been revoked. That single oversight triggered SEC filings, lawsuits, and reputational damage that took

Carl B. Johnson Jun 23, 2026 5 min read
Business Email Compromise

Business Email Compromise: The $2.9B Threat in 2026

One Email Cost This Company $37 Million In 2024, Orion Engineering — a mid-size firm with 200 employees — wired $37 million to what they believed was a trusted overseas supplier. The invoice looked legitimate. The email thread was real. The bank details were the only thing that had changed. By the

Carl B. Johnson Jun 15, 2026 5 min read
Data Breach Examples 2026

Data Breach Examples 2026: Lessons from Real Attacks

In January 2026, a major U.S. healthcare network disclosed that threat actors had exfiltrated over 3 million patient records after compromising a single employee's credentials through a phishing email. It wasn't sophisticated malware. It wasn't a zero-day. It was a fake password-reset page.

Carl B. Johnson Jun 11, 2026 5 min read
Strong Passwords

Strong Password Examples That Actually Stop Hackers

The 6-Character Password That Cost a Company $4.88 Million IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. In my experience analyzing post-breach forensics, weak or reused passwords remain the single most common entry point for threat actors.

Carl B. Johnson May 31, 2026 5 min read
Phishing Awareness

How to Recognize a Phishing Email Before You Click

The Email That Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. A threat actor impersonated a senior executive, sent a convincing email, and an employee wired the funds. No malware. No zero-day exploit. Just one phishing email that

Carl B. Johnson May 22, 2026 6 min read