Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Phishing Training for Employees

Phishing Training for Employees: A Practical Guide

In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. One employee. One convincing lure. Twenty-five million dollars gone. That's not a hypothetical — it'

Carl B. Johnson May 03, 2024 7 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Breaches

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. It started with a phishing email. Every catastrophic breach I've investigated over the past decade traces

Carl B. Johnson May 02, 2024 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In January 2024, a single phishing email led to the breach of roughly 26 billion records in what researchers dubbed the "Mother of All Breaches" — a compilation leak aggregating data from LinkedIn, Twitter, Dropbox, and dozens of other platforms. That staggering number puts something into sharp focus: every

Carl B. Johnson May 02, 2024 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In January 2023, Reddit disclosed that an attacker had used a carefully crafted phishing email — targeting a specific employee with internal details about the company — to steal credentials and access internal systems. It wasn't a mass-blast scam. It was a precision strike. That's spear phishing in

Carl B. Johnson May 02, 2024 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $25 Million In early 2024, an employee at British engineering firm Arup joined a video call with what appeared to be the company's chief financial officer and several colleagues. Every face on the screen was a deepfake. The employee, convinced by

Carl B. Johnson Apr 08, 2024 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call where every other participant — including the CFO — was a deepfake. The attackers had studied publicly available footage, cloned voices and faces, and orchestrated an elaborate social engineering attack that

Carl B. Johnson Apr 07, 2024 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the payment. No malware. No zero-day exploit. Just a well-trained employee who wasn't trained well enough. That incident

Carl B. Johnson Mar 24, 2024 7 min read