Tag

Cybersecurity Training

Covers cybersecurity training programs, techniques, and best practices designed to equip employees and individuals with the skills to recognize and respond to cyber threats. Topics include security awareness curricula, simulation exercises, and measuring training effectiveness.

posts

Phishing

What Is Phishing? The Attack Behind 80% of Breaches

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime for the fifth consecutive year. And those are just the ones people reported. I've spent years helping organizations respond to breaches, and the vast majority start

Carl B. Johnson Mar 04, 2020 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The total cost exceeded $100 million. The attacker didn't exploit a zero-day vulnerability or crack military-grade encryption. They impersonated an employee found

Carl B. Johnson Feb 27, 2020 6 min read
Phishing Emails

How to Spot Phishing Emails Before They Cost You

In March 2024, a finance director at a mid-size manufacturer in Ohio received an email from what appeared to be the company CEO. The message asked for an urgent wire transfer to close a confidential acquisition. The email looked flawless — correct logo, matching font, even a convincing signature block. She

Carl B. Johnson Feb 16, 2020 7 min read
What Is Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Email That Cost One Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. He sent fake invoices from a spoofed vendor email address. Employees at two of the most technically sophisticated companies on

Carl B. Johnson Jan 23, 2020 7 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

In March 2024, a finance employee at a UK-based engineering firm wired $25 million to threat actors after a deepfake video call. The attackers had spoofed the company's CFO — but the entire attack chain started with a single phishing email. That first message contained at least four classic

Carl B. Johnson Jan 19, 2020 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $25 Million In early 2024, an employee at engineering firm Arup joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The employee transferred $25 million across multiple transactions

Carl B. Johnson Jan 09, 2020 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams Costing Millions

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the company's IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The entire breach started with a phone call and a convincing story. That story — the fabricated

Carl B. Johnson Jan 09, 2020 7 min read
Cybersecurity Training

How to Train Employees on Cybersecurity in 2026

The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker found an employee on LinkedIn, called the IT service desk, and convinced them to reset credentials. That&

Carl B. Johnson Dec 14, 2019 7 min read
Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

One Unapproved App Cost a Hospital Network $3 Million In 2023, a regional hospital system discovered that a department had been using an unapproved file-sharing tool to exchange patient records for over a year. The tool had no encryption, no access controls, and no audit trail. When an attacker exploited

Carl B. Johnson Sep 10, 2019 8 min read