Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Phishing Simulation Training

Phishing Simulation Training: Why 90% of Breaches Start Here

A Single Click Cost One County $1.3 Million In March 2022, Bernalillo County, New Mexico was still recovering from a ransomware attack that started with what investigators believe was a phishing email. The county had to close government buildings, delay jail proceedings, and shut down key services. The remediation

Carl B. Johnson May 25, 2022 7 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

The Phishing Email That Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that attackers used carefully crafted phishing emails to trick finance department employees into wiring $46.7 million to overseas accounts controlled by threat actors. The emails impersonated executives. They looked legitimate. And trained professionals

Carl B. Johnson May 25, 2022 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In March 2022, the threat actor group Lapsus$ breached Okta by compromising a single employee's credentials through a social engineering attack. One phished account. That's all it took to put thousands of downstream customers at risk. If you're wondering how to avoid phishing attacks,

Carl B. Johnson May 25, 2022 8 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $100 Million In 2019, a UK-based energy company's CEO received a phone call from what he believed was his boss — the head of the parent company in Germany. The voice was perfect. The accent, the tone, the speech patterns — all spot

Carl B. Johnson Apr 21, 2022 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In March 2022, the Lapsus$ threat actor group breached Okta by socially engineering a third-party support contractor. No malware. No zero-day exploit. Just a human being who got manipulated. The breach potentially affected hundreds of Okta's enterprise customers, and it started with the simplest attack vector there is

Carl B. Johnson Apr 04, 2022 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams That Fool Smart People

In 2020, a teenager convinced a Twitter employee he was a co-worker from the IT department. That single phone call led to the compromise of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and a Bitcoin scam that netted over $100,000 in hours. The attack wasn'

Carl B. Johnson Apr 04, 2022 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

The 82% Problem Nobody Wants to Own The 2022 Verizon Data Breach Investigations Report found that 82% of breaches involved a human element — phishing, stolen credentials, misuse, or simple error. That number has barely budged in years. And yet most organizations still treat cybersecurity awareness training as a checkbox exercise:

Carl B. Johnson Apr 04, 2022 8 min read
Cybersecurity Training for Employees

Cybersecurity Training for Employees: A Practical Guide

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Microsoft, Nvidia, Samsung, and Okta. They didn't use sophisticated zero-day exploits. They used social engineering. They bought credentials. They tricked employees. And they walked through the front door of some of the most well-resourced security

Carl B. Johnson Apr 04, 2022 6 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Okta, Microsoft, Samsung, and Nvidia in rapid succession. Their primary weapon wasn't a sophisticated zero-day exploit. It was employee cybersecurity training failures: stolen credentials, SIM swapping, and social engineering attacks that targeted the humans sitting

Carl B. Johnson Apr 04, 2022 7 min read