Articles and resources focused on cybersecurity training programs for individuals and organizations. Topics include building security-first cultures, developing effective training curricula, measuring training outcomes, and keeping teams prepared against evolving cyber threats through continuous education.
posts
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past help desk staff with a ten-minute phone call. The attackers didn't exploit some exotic zero-day. They exploited a human being
A Single Phish Took Down a $4 Billion Pipeline In May 2021, a single compromised password — likely harvested through a phish or credential reuse — gave attackers access to Colonial Pipeline's network. The result: a ransomware attack that shut down 5,500 miles of fuel pipeline, triggered gas shortages
In May 2021, Ireland's Health Service Executive got hit with a Conti ransomware attack that started with a single phishing email. One employee opened one malicious Excel attachment, and the entire national healthcare system went offline for weeks. That's the real-world weight behind the phishing meaning
In July 2021, a single phishing email led to a ransomware attack that shut down fuel deliveries across the entire U.S. East Coast. The Colonial Pipeline breach started — like most breaches do — with a compromised credential. If one employee had known how to spot phishing emails, $4.4 million
A $900,000 FTC Settlement Started with a Fake Identity Website In 2020, the FTC took action against operators running deceptive websites that harvested personal information under the guise of offering government services. Consumers thought they were applying for benefits or retrieving official documents. Instead, their Social Security numbers, dates
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime in the United States for the fifth consecutive year. Yet when I ask employees during security assessments to explain what phishing actually is, most give me a
A Single Text Message Cost One Company $15 Million In 2022, Twilio disclosed that attackers used SMS phishing — smishing — to trick employees into surrendering their credentials. The threat actors sent text messages impersonating the company's IT department, directing staff to a fake login page. That single campaign compromised
A Single Email Cost This Company $100 Million In 2019, Toyota Boshoku Corporation wired $37 million to a threat actor who impersonated a business partner via email. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices over two years. These weren't
