Provides guidance on designing, implementing, and optimizing security awareness programs for organizations. Articles cover curriculum development, interactive training methods, compliance requirements, engagement metrics, and techniques to transform employees into an active line of defense against cyber threats.
posts
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called IT support, impersonated an employee found on LinkedIn, and
A Single Breach Now Costs More Than Most Companies Budget for Security All Year IBM's 2024 Cost of a Data Breach Report pegged the global average at $4.88 million — a 10% jump from the prior year and the highest figure ever recorded. If you think the cost
In 2023, a single remote employee at a major casino operator received a phone call from someone claiming to be IT support. That social engineering attack — a vishing call lasting roughly ten minutes — gave threat actors the foothold they needed to deploy ransomware across MGM Resorts' entire network, causing
In 2023, the FBI's Internet Crime Complaint Center flagged Remote Desktop Protocol (RDP) as one of the top three initial access vectors for ransomware incidents. That wasn't a surprise to anyone who monitors Shodan — the search engine that indexes internet-facing devices. On any given day, you
A $1 USB Stick Took Down a Defense Contractor In 2008, a USB flash drive infected with the Agent.BTZ worm was plugged into a U.S. military laptop at a base in the Middle East. That single device triggered what the Pentagon called the most significant breach of U.
