Tag

Cybersecurity Awareness

Articles on cybersecurity awareness cover the foundational knowledge individuals and organizations need to recognize and respond to digital threats. Topics include safe browsing habits, password hygiene, social engineering tactics, and building a security-first culture across teams.

posts

Clean Desk Policy

Clean Desk Policy Cybersecurity: Why It Still Matters

The Unlocked Filing Cabinet That Cost a Hospital $3 Million In 2019, the Office for Civil Rights fined Bayfront Health St. Petersburg $85,000 for a breach involving paper records left in an unsecured location. That was a small settlement. I've seen organizations lose far more when a

Carl B. Johnson Sep 01, 2019 7 min read
Supply Chain Attack Examples

Supply Chain Attack Examples That Changed Cybersecurity

In December 2020, security firm FireEye disclosed that threat actors had compromised SolarWinds' Orion software platform — and with it, roughly 18,000 organizations that installed a poisoned update. Government agencies, Fortune 500 companies, and critical infrastructure operators all got hit through a single trusted vendor. That's the

Carl B. Johnson Aug 14, 2019 6 min read
Dark Web

What Is the Dark Web? A Security Pro's Real Guide

Your Employees' Passwords Are Probably Already There In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — and a significant share of that activity traces back to credentials and data traded on dark web marketplaces. If you&

Carl B. Johnson Jul 25, 2019 6 min read
Malware

What Is Malware? A Security Pro's Field Guide for 2026

In 2023, the FBI's Internet Crime Complaint Center (IC3) received over 880,000 complaints with potential losses exceeding $12.5 billion — a 22% increase from the year before. A massive share of those incidents started with a single piece of malicious software landing on someone's machine.

Carl B. Johnson Jul 20, 2019 7 min read
Types of Malware

Types of Malware: What Every Organization Must Know

In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — and malware was the engine behind a staggering number of those incidents. I've worked incident response cases where a single malware infection spiraled into a multi-million-dollar

Carl B. Johnson Jul 20, 2019 6 min read
SQL Injection

SQL Injection Explained: The Attack That Won't Die

In 2023, the MOVEit Transfer vulnerability — a SQL injection flaw — led to the compromise of over 2,600 organizations and exposed data on more than 77 million individuals. One vulnerability. One injection point. Billions in damage. And here's what should keep you up at night: SQL injection has

Carl B. Johnson Jul 14, 2019 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In 2024, the FBI's Internet Crime Complaint Center received over 298,000 complaints related to phishing — making it the most reported cybercrime for the fifth consecutive year. Yet when I ask employees in training sessions to give me a phishing definition, most of them describe a Nigerian prince

Carl B. Johnson Jun 23, 2019 6 min read
Phishing

Definition of a Phishing Attack and Why It Works

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. I've spent years helping organizations respond to these attacks, and the pattern is always the same: someone clicks a link

Carl B. Johnson Jun 23, 2019 7 min read
Spoofing

Spoofing Attacks: How Hackers Impersonate You

A CFO, a Spoofed Email, and a $37 Million Wire Transfer In 2024, the FBI's Internet Crime Complaint Center (IC3) continued reporting staggering losses from business email compromise — a category where spoofing is the engine that makes the scam work. Threat actors forge sender addresses, manipulate caller IDs,

Carl B. Johnson Jun 18, 2019 8 min read
Spoofing

Spoof Attacks: How Threat Actors Trick Your Defenses

The CEO Email That Cost a Company $47 Million In 2015, Ubiquiti Networks disclosed that attackers impersonating company executives via spoofed emails tricked employees into wiring $46.7 million to overseas accounts. The emails looked legitimate. The sender addresses appeared correct. No malware was involved. The entire attack hinged on

Carl B. Johnson Jun 18, 2019 7 min read