Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Cybersecurity for Executives

Cybersecurity for Executives: What Boards Must Know Now

The SolarWinds Wake-Up Call That Still Echoes in Every Boardroom When SolarWinds disclosed its massive supply chain compromise in late 2020, it wasn't just IT teams scrambling — it was CEOs fielding calls from senators, board members demanding answers they didn't have, and general counsel mapping out

Carl B. Johnson Jun 08, 2023 7 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives related to the 3CX supply chain compromise — a desktop phone app used by over 600,000 organizations globally. Threat actors had trojanized the software update itself, meaning every company that trusted the vendor's legitimate update

Carl B. Johnson Jun 08, 2023 8 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You In January 2023, Mailchimp disclosed its second breach in under a year — this time through a social engineering attack on an employee. But the real damage radiated outward. Every company using Mailchimp as a vendor suddenly had a problem they didn&

Carl B. Johnson Jun 08, 2023 7 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What It Really Takes

The $350 Million Lesson Marriott Learned After Closing the Deal When Marriott acquired Starwood Hotels in 2016, the deal looked like a hospitality industry win. What nobody caught during cybersecurity due diligence was that Starwood's reservation system had been compromised since 2014. The breach wasn't discovered

Carl B. Johnson Jun 06, 2023 7 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: Where Your Passwords End Up

In January 2023, Norton LifeLock disclosed that attackers used credential stuffing to compromise roughly 6,450 customer accounts. The passwords didn't come from a Norton breach. They came from stolen credentials dark web marketplaces had been selling for months — maybe years. The attackers simply bought username-password combos from

Carl B. Johnson Jun 06, 2023 7 min read
Credential Stuffing Attack

Credential Stuffing Attack: How to Stop It Cold

23 Billion Stolen Credentials Are Already For Sale In January 2023, cybersecurity researchers at Digital Shadows reported over 24.6 billion stolen username-and-password pairs circulating on dark web marketplaces. That's roughly three credentials for every person on Earth. And every single one of them is a loaded weapon

Carl B. Johnson Jun 06, 2023 7 min read
Cybersecurity Glossary

Cybersecurity Glossary for Beginners: 40 Terms to Know

A hospital employee clicked a link in what looked like a routine password reset email. Within 72 hours, CommonSpirit Health — one of the largest U.S. health systems — was battling a ransomware attack that disrupted operations at over 140 facilities. The investigation report cited "lack of basic security awareness&

Carl B. Johnson Apr 23, 2023 7 min read
Malware

What Is Malware? A Security Pro's Field Guide

In February 2023, the U.S. Marshals Service confirmed a major ransomware attack that compromised sensitive law enforcement data — including personally identifiable information and internal legal documents. A federal agency with dedicated security staff and government-grade infrastructure still got hit. If you're running a business without those resources,

Carl B. Johnson Apr 10, 2023 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In March 2022, the FBI issued a Private Industry Notification warning that cybercriminals were using keyloggers embedded in fake business invoices to compromise corporate networks. The attackers harvested credentials for weeks before anyone noticed. By then, the damage was done — financial accounts drained, email systems hijacked, and sensitive client data

Carl B. Johnson Jan 24, 2023 6 min read