Tag

Cybersecurity for Business

Access cybersecurity guidance tailored for organizations of all sizes. Topics include employee security training, network defense, compliance frameworks, incident response planning, and strategies to build a resilient security culture across your business.

posts

Phishing

Phishing Attacks in 2024: What Actually Works to Stop Them

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. The attack started the same way almost all of them do — with a

Carl B. Johnson Sep 18, 2024 7 min read
Spoofing Caller

Spoofing Caller Attacks: How Criminals Fake Trust

In March 2024, the FBI's Internet Crime Complaint Center reported that Americans lost over $10 billion to cybercrime in 2023 — and a staggering portion of those losses started with a single phone call from a number the victim trusted. A spoofing caller doesn't need to hack

Carl B. Johnson Aug 19, 2024 7 min read
Phishing Email

Phishing Email Attacks: What Actually Works to Stop Them

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor's account. The fallout? Hundreds of downstream customers suddenly questioning whether their own environments were compromised. One email. One click. A cascading trust crisis that made headlines for weeks. That's

Carl B. Johnson Oct 18, 2022 6 min read
Phishing

Phishing Attacks in 2022: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Leads You to the Right Problem Here's something I find fascinating: "phising" is one of the most common misspellings in cybersecurity search queries. Thousands of people type it every day looking for information about phishing — the attack

Carl B. Johnson Oct 18, 2022 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Really Start

In March 2022, threat actor group Lapsus$ breached Okta by compromising a single support engineer's laptop — an attack chain that started with social engineering and credential theft. One employee. One set of stolen credentials. And suddenly, a company trusted by thousands of organizations to manage authentication was scrambling

Carl B. Johnson Sep 04, 2022 7 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In March 2022, the threat actor group Lapsus$ breached Okta, Microsoft, and Samsung — not through some sophisticated zero-day exploit, but through phishing scams and social engineering that tricked employees into handing over credentials. A group reportedly led by teenagers compromised some of the largest technology companies on the planet. If

Carl B. Johnson Sep 04, 2022 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Okta, Microsoft, Samsung, and Nvidia in rapid succession. Their primary weapon wasn't a sophisticated zero-day exploit. It was employee cybersecurity training failures: stolen credentials, SIM swapping, and social engineering attacks that targeted the humans sitting

Carl B. Johnson Apr 04, 2022 7 min read
Phishing

Phishing: Why 36% of Breaches Start in Your Inbox

The Inbox Is the Front Door — And It's Wide Open According to the 2021 Verizon Data Breach Investigations Report, phishing is involved in 36% of all confirmed data breaches. That number jumped 11 percentage points from the year before. Let that sink in — more than a third of

Carl B. Johnson Aug 31, 2021 7 min read
Insider Threats

Insider Threat Examples: Real Cases That Cost Millions

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker had hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — tweeting a Bitcoin scam that netted over $100,000. The most sophisticated firewall in the world wouldn&

Carl B. Johnson Dec 20, 2020 7 min read