Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Web Security Best Practices

Web Security Best Practices That Actually Stop Breaches

In January 2023, T-Mobile disclosed that a threat actor exploited an API vulnerability to steal personal data on 37 million customer accounts. Not through some exotic zero-day — through a misconfigured web API that had been leaking data since November 2022. That's two months of silent hemorrhaging before anyone

Carl B. Johnson Oct 26, 2025 8 min read
Cyber Security

Cyber Security in 2025: What Actually Works Now

The Breach That Changed How I Think About Cyber Security In February 2025, the FBI's Internet Crime Complaint Center reported that losses from cybercrime exceeded $16 billion in 2024 — a record that shattered the previous year's numbers. That single statistic rewired how I approach cyber security

Carl B. Johnson Oct 15, 2025 7 min read
Cybersecurity Definition

Cybersecurity Definition: What It Actually Means in 2025

In May 2023, Progress Software's MOVEit file transfer tool was exploited by the Cl0p ransomware gang, compromising data from over 2,500 organizations and roughly 67 million individuals. Government agencies, hospitals, universities, Fortune 500 companies — none were spared. If you asked any of those organizations whether they had

Carl B. Johnson Sep 27, 2025 7 min read
Cloud Computing Security

Cloud Computing Security: What Goes Wrong in 2025

In January 2025, the Verizon Data Breach Investigations Report team was already tracking a sharp rise in cloud-specific intrusions — a trend that accelerated throughout the year. By mid-2025, roughly 45% of all breaches involved cloud assets, up significantly from prior years. If your organization moved to the cloud and assumed

Carl B. Johnson Sep 27, 2025 7 min read
Computer Security Software

Computer Security Software: What Actually Stops Breaches

In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $16 billion to cybercrime in 2024 — the highest figure ever recorded. Every single one of those victims had some form of computer security software installed. Antivirus was running. Firewalls were configured. And yet, the

Carl B. Johnson Sep 27, 2025 7 min read
Define Cyber

Define Cyber: What It Really Means in 2025

A Three-Letter Prefix That Now Governs Trillions of Dollars When the White House released its updated National Cybersecurity Strategy implementation plan in 2024, the word "cyber" appeared over 400 times in a single document. The Pentagon has an entire command built around it — U.S. Cyber Command. The

Carl B. Johnson Sep 27, 2025 6 min read
Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong in 2025

The Breach That Started With a Single Misconfigured S3 Bucket In 2023, Toyota disclosed that the vehicle data of 2.15 million customers had been publicly accessible for over a decade — because a cloud database was set to public instead of private. No sophisticated threat actor. No zero-day exploit. Just

Carl B. Johnson Sep 27, 2025 7 min read
Phishing Awareness Training

Phishing Awareness Training: What Actually Works in 2025

In March 2025, a mid-size logistics company in the Midwest lost $2.3 million after a single employee clicked a fake DocuSign link. The attacker harvested credentials, pivoted into the company's financial systems, and initiated wire transfers over a long weekend. The employee had never received phishing awareness

Carl B. Johnson Sep 25, 2025 8 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In March 2025, a mid-size healthcare provider in the Midwest lost 1.4 million patient records because one employee in accounts payable clicked a link in a fake DocuSign email. The organization had antivirus software, a firewall, and an email gateway. What they didn't have was a phishing

Carl B. Johnson Sep 22, 2025 7 min read