Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Computer Security Companies

Computer Security Companies: What They Won't Tell You

The Blind Spot That Computer Security Companies Sell Around In March 2022, Okta — one of the most prominent identity management vendors in the world — confirmed that the Lapsus$ threat actor group had compromised a third-party support engineer's laptop and accessed internal systems. An identity security company, breached through

Carl B. Johnson Jul 30, 2022 7 min read
Cyber Security

Cyber Security Basics That Stop 90% of Attacks

The Breach That Started With a Single Password In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the Eastern United States. The attackers used a stolen VPN credential — no multi-factor authentication, no zero trust architecture, just one reused password. That's

Carl B. Johnson Jul 30, 2022 6 min read
Cyber Security Definition

Cyber Security Definition: What It Really Means in 2022

Costa Rica declared a national emergency in May 2022 after the Conti ransomware gang crippled 27 government institutions. Tax systems went offline. Foreign trade ground to a halt. An entire country — not just a company — was brought to its knees by a cyberattack. If you think the cyber security definition

Carl B. Johnson Jun 27, 2022 7 min read
Cybersecurity Definition

Cybersecurity Definition: What It Actually Means in 2022

In March 2022, the FBI's Internet Crime Complaint Center reported that Americans lost over $6.9 billion to cybercrime in 2021 — a 64% jump from the year before. That number makes the standard cybersecurity definition you'll find in a textbook feel almost dangerously quaint. If you&

Carl B. Johnson Jun 20, 2022 6 min read
Cloud Computing Security

Cloud Computing Security: What Goes Wrong and How to Fix It

In April 2022, researchers at Palo Alto Unit 42 reported that nearly 99% of cloud user accounts, services, and resources grant excessive permissions — permissions that are granted but never used. That gap between what's allowed and what's needed is exactly where threat actors operate. If you&

Carl B. Johnson Jun 20, 2022 6 min read
Define Cyber

Define Cyber: What It Really Means for Your Security

In May 2021, a single compromised password shut down Colonial Pipeline — the largest fuel pipeline in the United States — for six days. The company paid a $4.4 million ransom. Flights were disrupted. Gas stations ran dry across the Southeast. All because one set of credentials was exposed on the

Carl B. Johnson Jun 20, 2022 6 min read
NIST Standards

NIST Standards: A Practical Guide to Real Security

In March 2022, the Verizon Data Breach Investigations Report team released preliminary findings showing that 82% of breaches involved the human element — phishing, stolen credentials, and social engineering. Meanwhile, most organizations I work with still treat NIST standards like a dusty compliance checkbox rather than what they actually are: a

Carl B. Johnson Jun 20, 2022 7 min read
Security in Cloud Computing

Security in Cloud Computing: What Actually Goes Wrong

In April 2022, researchers at Wiz discovered that Microsoft Azure's PostgreSQL Flexible Server had vulnerabilities allowing cross-account database access. They called it ExtraReplica, and it affected thousands of Azure databases. This wasn't a theoretical exercise — it was a real demonstration that security in cloud computing remains

Carl B. Johnson May 26, 2022 7 min read
Phishing Awareness Training

Phishing Awareness Training: Why 82% of Breaches Start Here

The 2022 Verizon Data Breach Investigations Report landed last month, and one number should keep every business owner awake at night: 82% of breaches involved the human element. Phishing, stolen credentials, pretexting, human error — threat actors aren't picking locks. They're asking your employees to hold the

Carl B. Johnson May 26, 2022 7 min read
Phishing

What Is Phishing? A Security Pro's Field Guide

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's laptop — and the initial access vector was social engineering. A single employee interaction opened the door to a breach that rattled hundreds of downstream customers. If you're asking what is

Carl B. Johnson May 25, 2022 7 min read