Tag

Cybersecurity Training

Covers cybersecurity training programs, techniques, and best practices designed to equip employees and individuals with the skills to recognize and respond to cyber threats. Topics include security awareness curricula, simulation exercises, and measuring training effectiveness.

posts

Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $100 Million In 2019, a UK-based energy company's CEO received a phone call from what he believed was his boss — the head of the parent company in Germany. The voice was perfect. The accent, the tone, the speech patterns — all spot

Carl B. Johnson Apr 21, 2022 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams That Fool Smart People

In 2020, a teenager convinced a Twitter employee he was a co-worker from the IT department. That single phone call led to the compromise of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and a Bitcoin scam that netted over $100,000 in hours. The attack wasn'

Carl B. Johnson Apr 04, 2022 7 min read
Securing Remote Employees

Securing Remote Employees: A Practical Guide for 2022

In July 2021, a ransomware attack on Kaseya's VSA software cascaded through managed service providers and hit up to 1,500 businesses — many of them small companies with remote workers connecting through poorly secured endpoints. The REvil gang demanded $70 million. That single incident crystallized what I'

Carl B. Johnson Jan 15, 2022 8 min read
Shadow IT Risks

Shadow IT Risks: The Threats Hiding in Your Network

Your Employees Are Building a Second Network — And You Can't See It In March 2021, a vulnerability in Microsoft Exchange Server sent security teams scrambling. But here's what didn't make the headlines: many organizations discovered Exchange instances they didn't even know existed.

Carl B. Johnson Dec 23, 2021 8 min read
Cybersecurity Glossary

Cybersecurity Glossary for Beginners: 40 Terms to Know

During the 2020 SolarWinds breach investigation, I watched a boardroom full of executives stare blankly when an incident responder mentioned "lateral movement" and "supply chain compromise." They had no idea what was happening to their own network — not because they were negligent, but because nobody had

Carl B. Johnson Sep 16, 2021 8 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A No-Nonsense Guide

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised password shut down fuel delivery across the U.S. East Coast. The post-incident reporting was filled with jargon — ransomware, threat actor, credential theft, attack vector — that left most non-technical readers glazing over. Here's

Carl B. Johnson Sep 16, 2021 7 min read
Adware vs Spyware

Adware vs Spyware: What Security Pros Know You Don't

In March 2021, Avast researchers disclosed that at least 28 browser extensions — used by roughly three million people — were quietly harvesting browsing data and redirecting users to phishing and ad-laden sites. Some of those extensions looked like simple ad-blocking tools. Others posed as social media helpers. Under the hood, they

Carl B. Johnson Sep 16, 2021 7 min read
SQL Injection

SQL Injection Explained: The Attack That Won't Die

In March 2021, security researchers discovered that Accellion's file transfer appliance had been exploited through — you guessed it — an SQL injection vulnerability. The Clop ransomware gang leveraged the flaw to steal data from dozens of organizations, including Shell, Bombardier, and multiple U.S. universities. This wasn't

Carl B. Johnson Sep 03, 2021 8 min read
Phishing

Definition of a Phishing Attack: What It Really Looks Like

In July 2020, a handful of Twitter employees received phone calls from people claiming to be IT administrators. Those calls led to the compromise of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and a Bitcoin scam that netted over $100,000 in hours. The whole thing started

Carl B. Johnson Aug 25, 2021 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In July 2020, a teenager from Florida used spear phishing to compromise the internal tools at Twitter, hijacking 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — to run a Bitcoin scam. The attack didn't exploit some exotic zero-day vulnerability. It started with targeted messages

Carl B. Johnson Aug 24, 2021 7 min read