Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Security Awareness Training Program

Security Awareness Training Program: Build One That Works

In January 2024, Microsoft disclosed that a Russian threat actor group — Midnight Blizzard — had breached executive email accounts using a simple password spray attack against a legacy test account that lacked multi-factor authentication. One of the most technically sophisticated companies on the planet, compromised by one of the oldest tricks

Carl B. Johnson Mar 24, 2024 8 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

October Ends. The Phishing Emails Don't. Every October, organizations plaster break rooms with cybersecurity posters, blast out a few reminder emails, and call it a win. Then November rolls around, and the same employees click the same malicious links. I've watched this cycle repeat for over

Carl B. Johnson Feb 28, 2024 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: Why "Free" Costs More

In January 2024, Microsoft disclosed that the Russian threat actor group Midnight Blizzard had breached corporate email accounts — not through some exotic zero-day exploit, but through a password spray attack on a legacy test account that lacked multi-factor authentication. One of the most well-resourced technology companies on the planet got

Carl B. Johnson Feb 28, 2024 7 min read
Ransomware Prevention

How to Prevent Ransomware: A Practical Defense Guide

The $1.1 Billion Year That Changed Everything In 2023, ransomware payments topped $1.1 billion globally, according to Chainalysis research. That's more than double the previous year. If you're reading this wondering how to prevent ransomware, understand this first: threat actors aren't slowing

Carl B. Johnson Feb 09, 2024 7 min read
Ransomware Protection Tips

Ransomware Protection Tips That Actually Work in 2024

MGM Resorts lost an estimated $100 million from a single ransomware attack in September 2023. The entry point? A social engineering call to the help desk that lasted about ten minutes. That's all it took for the Scattered Spider threat actor group to cripple slot machines, hotel check-in

Carl B. Johnson Feb 09, 2024 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor known as Midnight Blizzard had breached executive email accounts — not through some exotic zero-day exploit, but through a simple password spray attack on a legacy test account that lacked multi-factor authentication. If Microsoft can get caught flat-footed, your organization

Carl B. Johnson Feb 09, 2024 6 min read
Data Breach Response Plan

Data Breach Response Plan: What Actually Works in 2024

When MGM Resorts got hit in September 2023, the chaos lasted ten days. Hotel room keys stopped working. Slot machines went dark. Reservation systems crashed. The estimated cost topped $100 million. And here's the part that stings — the initial compromise reportedly started with a social engineering call to

Carl B. Johnson Jan 22, 2024 8 min read