Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Third Party Risk

Third Party Vendor Cybersecurity Risk: A 2026 Guide

When Target lost 40 million credit card records in 2013, the attackers didn't breach Target directly. They compromised an HVAC vendor. Over a decade later, the playbook hasn't changed — it's just gotten more devastating. Third party vendor cybersecurity risk is now the single fastest-growing

Carl B. Johnson Apr 07, 2026 6 min read
Social Engineering Examples

Social Engineering Examples: 7 Real Attacks That Worked

In September 2022, a teenager allegedly convinced an Uber employee to hand over access credentials through a simple text message. No zero-day exploit. No sophisticated malware. Just a convincing story and a target who didn't verify the request. That single social engineering attack gave the threat actor access

Carl B. Johnson Apr 06, 2026 5 min read
Social Engineering Examples

Social Engineering Examples That Fool Even Experts

The Phone Call That Cost MGM Resorts $100 Million In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced the technician to reset credentials. That single phone call triggered a ransomware attack that disrupted operations across Las Vegas

Carl B. Johnson Apr 04, 2026 5 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: Why It Works in 2026

In 2024, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk employee. The threat actor impersonated an employee, convinced IT staff to reset credentials, and within hours had access to critical systems. One conversation. No malware.

Carl B. Johnson Apr 03, 2026 5 min read
Cyber Hygiene

What Is Cyber Hygiene? The Daily Habits That Stop Breaches

A Single Unpatched Laptop Cost One Hospital $3 Million In 2023, the U.S. Department of Health and Human Services settled with a healthcare provider after a ransomware attack that started on one employee's unpatched workstation. The machine hadn't been updated in over 90 days. That

Carl B. Johnson Apr 02, 2026 5 min read
Insider Threat Awareness

Insider Threat Awareness: What Most Companies Miss

In January 2024, the U.S. Department of Justice charged a former Google engineer with stealing proprietary AI trade secrets while secretly working for two China-based companies. He had access for years. He passed background checks. He was a trusted employee. And that's exactly the point — the most

Carl B. Johnson Mar 31, 2026 5 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

In January 2024, Microsoft disclosed that a Russian-linked threat actor — Midnight Blizzard — breached corporate email accounts by exploiting a legacy test tenant that lacked multi-factor authentication. No zero-day. No sophisticated exploit chain. Just a password spray against an old account that trusted the network it sat on. That's

Carl B. Johnson Mar 30, 2026 5 min read
Cybersecurity for Financial Services

Cybersecurity for Financial Services: A 2026 Playbook

The Industry That Can't Afford a Single Mistake In November 2023, the SEC fined several financial advisory firms a combined total of nearly $750,000 for cybersecurity failures following credential theft incidents that exposed thousands of customer records. The firms had the basics — firewalls, antivirus — but lacked the

Carl B. Johnson Mar 29, 2026 5 min read