Access cybersecurity guidance tailored for organizations of all sizes. Topics include employee security training, network defense, compliance frameworks, incident response planning, and strategies to build a resilient security culture across your business.
posts
In June 2024, researchers at SpyCloud reported that over 17.3 billion credentials were circulating on underground marketplaces. That's not a theoretical number from a think tank. That's the real inventory of stolen credentials on the dark web — usernames, passwords, session tokens, and API keys — available
In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses. The attacker didn't blast a million inboxes with a generic "Your account has been suspended" message. They researched an employee on LinkedIn, called the IT help desk impersonating that person,
In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that phishing — including fake mail delivered via email, text, and voice — was the most reported cybercrime category for the fifth consecutive year, with over 298,000 complaints. And that only accounts for what gets reported. In my experience,
A $37 Million Wire Transfer Started with One Email In 2024, a finance employee at a multinational firm joined what appeared to be a legitimate video call with the company's CFO. It was a deepfake. The attackers had spent weeks gathering intelligence — org charts, communication styles, ongoing projects
In February 2024, a threat actor going by "USDoD" listed 2.9 billion records from National Public Data on a dark web forum — records that included Social Security numbers, full names, and addresses of nearly every American adult. The breach didn't make mainstream headlines until months
In January 2024, a finance employee at engineering firm Arup received an email inviting them to a video call with the company's CFO. Everything looked legitimate — the email, the meeting link, even the faces on the screen. It was all a deepfake-powered phish. That single interaction cost Arup
In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. The attack started the same way almost all of them do — with a
In March 2024, the FBI's Internet Crime Complaint Center reported that Americans lost over $10 billion to cybercrime in 2023 — and a staggering portion of those losses started with a single phone call from a number the victim trusted. A spoofing caller doesn't need to hack
In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor's account. The fallout? Hundreds of downstream customers suddenly questioning whether their own environments were compromised. One email. One click. A cascading trust crisis that made headlines for weeks. That's
The Typo That Costs Billions: Why "Phising" Leads You to the Right Problem Here's something I find fascinating: "phising" is one of the most common misspellings in cybersecurity search queries. Thousands of people type it every day looking for information about phishing — the attack
