Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.
posts
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered the company's IT help desk with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They just talked their way
Most Quiz Questions Are a Waste of Everyone's Time I recently reviewed a Fortune 500 company's annual security awareness program. Their quiz had 20 multiple-choice questions. One of them asked employees to define the word "malware." Another asked which year the first computer virus
In May 2021, a single phishing email led to the shutdown of Colonial Pipeline — the largest fuel pipeline in the United States. One compromised credential. One employee who didn't catch the red flags. The result: fuel shortages across the East Coast, a $4.4 million ransom payment, and
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime for the fifth consecutive year. Yet every week, I still talk to business owners who think phishing is just "those obvious Nigerian prince emails." It'
A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million to a single business email compromise attack. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices via email over a two-year period. These weren't sophisticated
In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing phone call — a single, targeted social engineering attack against an IT help desk employee — to breach one of the largest casino operators on the planet. The attacker found the employee'
Last year, a finance director at a mid-size logistics company wired $1.2 million to a threat actor who sent a single phishing email impersonating the CEO. The email contained no malware, no suspicious attachments, and no misspelled words. It simply asked for an urgent wire transfer, referenced a real
The $4.88 Million Email That Looked Completely Normal In 2023, a finance employee at a midsize manufacturing firm received an email from what appeared to be the CEO. It referenced a real acquisition the company was working on. It used the CEO's actual email signature. The employee
Your Old AIM Email Address Is Still a Liability In December 2017, AOL officially shut down AIM — AOL Instant Messenger — ending a 20-year run that defined how an entire generation communicated online. But here's what most people don't realize: the credentials tied to AIM email accounts
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime for the fifth consecutive year. That number only accounts for what gets reported. The actual volume is staggering. So what is a phishing attack, and why does
