Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Zero Trust

What Is Zero Trust? A Practical Guide for 2024

In January 2023, T-Mobile disclosed that a threat actor had been siphoning data from 37 million customer accounts since November 2022 — through a single exploited API. The attacker moved laterally for weeks without triggering alarms. If you've ever wondered what is zero trust and why the entire industry

Carl B. Johnson Dec 09, 2023 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2024

The VPN Is Dead. The Breach That Proved It. In May 2023, a threat actor used stolen VPN credentials to breach a major U.S. government contractor, moving laterally across the network for weeks before detection. The attacker didn't exploit some exotic zero-day. They logged in with a

Carl B. Johnson Dec 09, 2023 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2024

The Breach That Proved Perimeter Security Is Dead In January 2023, T-Mobile disclosed that a threat actor had been siphoning data from 37 million customer accounts since late November 2022 — by exploiting a single API. The attacker was already inside the network, moving laterally, harvesting names, emails, phone numbers, and

Carl B. Johnson Dec 07, 2023 8 min read
Securing Remote Employees

Securing Remote Employees: A Practical 2023 Guide

In August 2023, a single remote employee at a casino and entertainment company fell for a social engineering call. That one mistake gave threat actors the keys to MGM Resorts' entire kingdom — an attack that cost the company over $100 million in damages according to their SEC filing. The

Carl B. Johnson Nov 26, 2023 7 min read
VPN Best Practices

VPN Best Practices: What Actually Protects You in 2023

In May 2023, Barracuda Networks disclosed that a zero-day vulnerability in its VPN appliances had been actively exploited since October 2022 — giving threat actors seven months of undetected access to customer networks. CISA issued an emergency directive. The patch wasn't enough; Barracuda told customers to physically replace compromised

Carl B. Johnson Nov 26, 2023 7 min read
Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Your First Defense

In 2022, a single employee at Uber received a flood of multi-factor authentication push notifications, got frustrated, and approved one. That decision gave a teenage threat actor access to Uber's internal systems, Slack, and cloud infrastructure. An acceptable use policy cybersecurity framework — one that specifically addressed MFA fatigue

Carl B. Johnson Nov 26, 2023 7 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2023

The Framework That Could Have Prevented a $150 Million Mistake When Equifax disclosed its catastrophic 2017 breach affecting 147 million Americans, the postmortem was brutal. The company had failed at the most basic elements of what the NIST Cybersecurity Framework prescribes: asset inventory, patch management, and network segmentation. The FTC

Carl B. Johnson Nov 09, 2023 7 min read
Cybersecurity for Financial Services

Cybersecurity for Financial Services: A Survival Guide

The Industry That Gets Hit Hardest — and Most Often In January 2023, ION Trading Technologies — a critical software vendor serving derivatives traders worldwide — got hit with a LockBit ransomware attack that forced dozens of financial institutions back to manual trade processing. For days. In one of the most automated industries

Carl B. Johnson Nov 09, 2023 8 min read