Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Insider Threats

Insider Threat Examples: 7 Real Cases That Cost Millions

In 2022, a former employee of Cash App's parent company, Block Inc., downloaded reports containing the personal information of 8.2 million customers — months after being terminated. The company's failure to revoke access cost them regulatory scrutiny, a class-action lawsuit, and reputational damage that no PR

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In May 2022, a Yahoo research scientist named Qian Sang downloaded roughly 570,000 pages of proprietary source code to his personal devices — minutes after receiving a job offer from a competitor. Yahoo's internal systems flagged it, but only after the data had already left. That incident is

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

One Clicked a Link. The Other Sold the Data. Both Cost Millions. In 2023, Tesla disclosed that two former employees had leaked the personal information of over 75,000 people — including Social Security numbers — to a foreign media outlet. That same year, the Verizon 2023 Data Breach Investigations Report confirmed

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threat Indicators

Insider Threat Indicators: 9 Red Flags to Catch Early

In May 2022, a Yahoo research scientist named Qian Sang downloaded roughly 570,000 pages of proprietary source code to his personal devices — just two weeks after accepting a job at a competitor. Yahoo's internal systems flagged the bulk transfer, but only after the damage was done. This

Carl B. Johnson Jun 12, 2025 6 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard had breached corporate email accounts — not by exploiting some exotic zero-day, but by password spraying a legacy test tenant that lacked multi-factor authentication. One overlooked account. No MFA. Catastrophic access. If a company with Microsoft's resources

Carl B. Johnson Jun 12, 2025 7 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2025

The Breach That Made "Trust But Verify" Obsolete In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor known as Midnight Blizzard had compromised executive email accounts — not by exploiting some exotic zero-day, but by password-spraying a legacy test tenant account that lacked multi-factor authentication. One overlooked

Carl B. Johnson Jun 12, 2025 8 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical 2025 Guide

The VPN That Let Attackers Walk Right In In January 2024, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that Chinese state-sponsored threat actors had exploited Ivanti Connect Secure VPN vulnerabilities to breach multiple U.S. federal agencies. The attackers didn't kick down the door. They walked through

Carl B. Johnson May 25, 2025 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2025

In January 2024, Microsoft disclosed that a Russian threat actor known as Midnight Blizzard breached corporate email accounts — not through some exotic zero-day, but by password-spraying a legacy test account that lacked multi-factor authentication. One forgotten account. No segmentation. No least-privilege enforcement. The result: a nation-state actor reading executive emails

Carl B. Johnson May 25, 2025 7 min read
Cybersecurity Training Compliance

Cybersecurity Training Compliance: What Regulators Want

In October 2024, the FTC finalized a settlement with Marriott International and its subsidiary Starwood Hotels over data breaches that exposed the personal information of 344 million customers. Among the FTC's requirements: Marriott had to implement a comprehensive information security program — including mandatory employee training. That wasn'

Carl B. Johnson May 10, 2025 7 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2025

The Framework Nobody Reads — Until After the Breach In February 2024, Change Healthcare suffered a ransomware attack that disrupted pharmacy operations across the United States for weeks. UnitedHealth Group eventually disclosed that the breach affected roughly 100 million individuals — making it one of the largest healthcare data breaches in history.

Carl B. Johnson May 10, 2025 7 min read