Provides guidance on designing, implementing, and optimizing security awareness programs for organizations. Articles cover curriculum development, interactive training methods, compliance requirements, engagement metrics, and techniques to transform employees into an active line of defense against cyber threats.
posts
In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $120 million from Google and Facebook using a sophisticated man in the middle attack scheme. He impersonated a legitimate hardware vendor, intercepted invoice communications, and redirected payments to bank accounts he controlled. The scheme ran for two
In April 2024, researchers at Akamai discovered a massive DNS hijacking campaign targeting financial institutions across Southeast Asia. Attackers poisoned DNS caches at the ISP level, silently redirecting thousands of banking customers to pixel-perfect phishing sites. Victims entered their credentials on pages that looked identical to their bank's
The Breach Bill Nobody Budgets For IBM's 2024 Cost of a Data Breach Report put the global average at $4.88 million — a 10% jump from the prior year and the highest figure ever recorded. If you think 2026 will somehow reverse that trend, I've got
The Invoice That Took Down a Hospital Network In 2023, a hospital system in Illinois watched helplessly as Qakbot — a trojan horse malware strain — moved laterally through its entire Active Directory environment in under four hours. The initial infection? A single employee opened what looked like an overdue vendor invoice
In 2023, the FBI's Internet Crime Complaint Center received over 40,000 complaints related to spoofing, with losses exceeding $300 million. That number keeps climbing. A spoofing caller attack — where a threat actor manipulates the caller ID to impersonate a trusted number — is one of the oldest tricks
$4.88 Million Was Last Year's Average. This Year Will Be Worse. IBM's 2024 Cost of a Data Breach Report put the global average at $4.88 million — a 10% jump from the year before and the highest figure ever recorded at that point. If you
In 2023, a single employee's compromised personal phone gave threat actors a foothold into MGM Resorts' corporate network. The resulting breach cost the company over $100 million. The attack didn't start with some sophisticated zero-day exploit — it started with a social engineering call to the
In 2024, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk employee. The threat actor impersonated an employee, convinced IT staff to reset credentials, and within hours had access to critical systems. One conversation. No malware.
In 2023, a single compromised employee phone at MGM Resorts International led to a social engineering attack that cost the company over $100 million in losses. The threat actors didn't hack a firewall or exploit a zero-day. They called the help desk. That incident is a masterclass in
In December 2025, the FBI issued a stark public warning: delete suspicious text messages immediately. The advisory specifically called out a wave of smishing texts — SMS-based phishing attacks — targeting Americans with fake toll road notices, package delivery scams, and fraudulent financial alerts. The bureau's Internet Crime Complaint Center
