Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.
posts
The Policy Gathering Dust in Your Shared Drive In 2023, the city of Dallas was hit by a Royal ransomware attack that crippled municipal services for weeks. Investigators traced the initial access back to a service account and poor access controls — exactly the kind of risk a well-enforced acceptable use
In 2024, the average cost of a data breach in the financial sector hit $6.08 million — the second-highest of any industry, trailing only healthcare. That number comes straight from IBM's Cost of a Data Breach Report. I've spent years working with banks, credit unions, and
The Breach That Cost a Children's Charity Everything In 2023, Save the Children International confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global nonprofit with substantial resources still
The District That Lost 81,000 Student Records in a Single Weekend In 2023, the Minneapolis Public Schools district suffered a massive ransomware attack that exposed over 300,000 files — including sensitive records for tens of thousands of students. Psychological evaluations, sexual assault reports, Social Security numbers, and disciplinary records
A Single Misconfigured S3 Bucket Exposed 3 Billion Records In 2023, researchers at Cybernews discovered what they called one of the largest data exposures ever — over 3 billion records sitting in an open cloud storage instance. No sophisticated hack. No zero-day exploit. Just a misconfigured Amazon S3 bucket with public
A Single Misconfigured Bucket Cost Them Everything In 2023, Toyota disclosed that a cloud misconfiguration had exposed the vehicle location data of 2.15 million customers for over a decade. The root cause wasn't a sophisticated threat actor. It was a single storage bucket set to public instead
The Misconfiguration That Exposed 100 Million Records In 2019, a former Amazon Web Services employee exploited a misconfigured web application firewall to breach Capital One's cloud infrastructure. The result: over 100 million customer records exposed, a $190 million class-action settlement, and an $80 million fine from the OCC.
One Unapproved App Cost a Hospital Network $3 Million In 2023, a regional hospital system discovered that a department had been using an unapproved file-sharing tool to exchange patient records for over a year. The tool had no encryption, no access controls, and no audit trail. When an attacker exploited
Your Employees Already Built a Second IT Department In 2023, a Gartner survey found that 41% of employees acquired, modified, or created technology outside of IT's visibility. By now, that number has only grown. If you're asking what is shadow IT, the short answer is this:
The $4.88 Million Risk Sitting in Your Employees' Pockets In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. What most executives don't realize is how often the attack chain starts with a compromised mobile
