Resources dedicated to cybersecurity training programs tailored for employees at every level. Topics include role-based training modules, compliance requirements, awareness campaign planning, and techniques for reducing human-caused security incidents.
posts
Your Employees Are the Breach — 68% of the Time The 2024 Verizon Data Breach Investigations Report found that 68% of breaches involved a non-malicious human element — someone clicked a phishing link, reused a password, or misconfigured a system. That number has held stubbornly steady for years. If you're
In January 2025, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. The attack started the same way almost all of them do — with a phishing email. If you'
A Single Click Cost MGM Resorts $100 Million In September 2023, a social engineering phone call to an MGM Resorts IT help desk led to one of the most expensive breaches in hospitality history. The threat actor didn't exploit a zero-day vulnerability. They didn't write a
The $4.88 Million Lesson Your Employees Haven't Learned Yet In January 2024, the SEC's own X (formerly Twitter) account was hijacked because someone fell for a SIM-swap attack. If the agency that regulates public companies can't keep its own accounts secure, what does
In October 2022, a Medibank employee's credentials were stolen through a single compromised login — no multi-factor authentication in place. The breach exposed the personal health data of 9.7 million Australians and became one of the most damaging incidents of the year. The attack didn't start
In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Microsoft, Nvidia, Samsung, and Okta. They didn't use sophisticated zero-day exploits. They used social engineering. They bought credentials. They tricked employees. And they walked through the front door of some of the most well-resourced security
The Click That Cost One Hospital $67 Million In 2020, Universal Health Services suffered a Ryuk ransomware attack that disrupted operations across 400 facilities for weeks. The estimated cost? $67 million. The entry point? An employee who interacted with a malicious payload. This wasn't a sophisticated zero-day exploit.
The Breach That Started With a Single Click In January 2024, a finance department employee at a mid-size manufacturing firm opened what looked like a routine DocuSign notification. Within 72 hours, a threat actor had exfiltrated 1.2 million customer records and deployed ransomware across the company's entire
