Tag

Cybersecurity for Business

Access cybersecurity guidance tailored for organizations of all sizes. Topics include employee security training, network defense, compliance frameworks, incident response planning, and strategies to build a resilient security culture across your business.

posts

Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

Your Employees' Credentials Are Already for Sale In March 2024, AT&T confirmed that data from approximately 73 million current and former customers appeared on the dark web. That breach didn't happen overnight — the data had been circulating in underground markets for years before anyone noticed.

Carl B. Johnson Jun 25, 2026 5 min read
Types of Malware

Types of Malware: What Every Organization Must Know

In February 2024, Change Healthcare — one of the largest health payment processors in the U.S. — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted claims processing for hospitals and pharmacies nationwide, exposed protected health information for an estimated 100 million people, and reportedly led to a $22

Carl B. Johnson Jun 12, 2026 6 min read
Social Engineering Attacks

Social Engineering Attacks: Why Humans Are the #1 Target

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered the company's IT help desk with a single phone call. The attacker impersonated an employee, convinced the help desk to reset credentials, and within hours had burrowed deep enough to deploy ransomware

Carl B. Johnson May 30, 2026 6 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: What Happens After a Breach

In June 2024, researchers at SpyCloud reported that over 17.3 billion credentials were circulating on underground marketplaces. That's not a theoretical number from a think tank. That's the real inventory of stolen credentials on the dark web — usernames, passwords, session tokens, and API keys — available

Carl B. Johnson May 25, 2026 5 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Your Team Must Know

In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses. The attacker didn't blast a million inboxes with a generic "Your account has been suspended" message. They researched an employee on LinkedIn, called the IT help desk impersonating that person,

Carl B. Johnson Apr 22, 2026 5 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that phishing — including fake mail delivered via email, text, and voice — was the most reported cybercrime category for the fifth consecutive year, with over 298,000 complaints. And that only accounts for what gets reported. In my experience,

Carl B. Johnson Apr 12, 2026 5 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

A $37 Million Wire Transfer Started with One Email In 2024, a finance employee at a multinational firm joined what appeared to be a legitimate video call with the company's CFO. It was a deepfake. The attackers had spent weeks gathering intelligence — org charts, communication styles, ongoing projects

Carl B. Johnson Sep 22, 2025 7 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

In February 2024, a threat actor going by "USDoD" listed 2.9 billion records from National Public Data on a dark web forum — records that included Social Security numbers, full names, and addresses of nearly every American adult. The breach didn't make mainstream headlines until months

Carl B. Johnson Feb 28, 2025 8 min read
Phish

Phish: Why One Click Still Causes Million-Dollar Breaches

In January 2024, a finance employee at engineering firm Arup received an email inviting them to a video call with the company's CFO. Everything looked legitimate — the email, the meeting link, even the faces on the screen. It was all a deepfake-powered phish. That single interaction cost Arup

Carl B. Johnson Nov 07, 2024 7 min read