Strategies, technologies, and policies for preventing data breaches before they occur. This tag covers access controls, encryption, endpoint protection, incident response planning, vulnerability management, and the human factors that contribute to data exposure in organizations of all sizes.
posts
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past help desk staff with a ten-minute phone call. The attackers didn't exploit some exotic zero-day. They exploited a human being
In May 2021, Ireland's Health Service Executive got hit with a Conti ransomware attack that started with a single phishing email. One employee opened one malicious Excel attachment, and the entire national healthcare system went offline for weeks. That's the real-world weight behind the phishing meaning
A $900,000 FTC Settlement Started with a Fake Identity Website In 2020, the FTC took action against operators running deceptive websites that harvested personal information under the guise of offering government services. Consumers thought they were applying for benefits or retrieving official documents. Instead, their Social Security numbers, dates
The Colonial Pipeline Attack Changed Everything On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom to the DarkSide threat actor group — and Americans along the East Coast panic-bought gasoline for days. That'
The Colonial Pipeline Hack Changed the Conversation On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware group. Gas stations across the Southeast ran dry. Panic buying erupted.
The Colonial Pipeline Hack Was a Wake-Up Call Nobody Should Have Needed On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom to the DarkSide threat actor group, and fuel shortages rippled across the
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker hijacked accounts belonging to Barack Obama, Elon Musk, and Apple — tweeting a Bitcoin scam to millions. The breach didn't start with a sophisticated exploit or zero-day vulnerability. It
One Phish Email Took Down a $60 Billion Company's Defenses In 2023, MGM Resorts International lost roughly $100 million after a social engineering attack that started with a single phone call to their help desk. But most attacks don't even require that much effort. The average
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime in the United States for the fifth consecutive year. Yet when I ask employees during security assessments to explain what phishing actually is, most give me a
The Framework 87% of Organizations Reference — But Most Implement Poorly When Change Healthcare suffered its catastrophic ransomware attack in early 2024 — ultimately affecting an estimated 100 million individuals — the post-incident analysis pointed to failures that the NIST Cybersecurity Framework was specifically designed to prevent. Missing multi-factor authentication on a critical
