Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You In early 2024, a massive data breach at Change Healthcare — a subsidiary of UnitedHealth Group — disrupted the entire U.S. healthcare payment system for weeks. The root cause? A threat actor exploited compromised credentials on a remote access portal that lacked

Carl B. Johnson May 07, 2026 5 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

October Comes and Goes — Breaches Don't Every October, organizations dust off the same tired PowerPoint decks, send a few reminder emails about password hygiene, and pat themselves on the back for "participating" in Cybersecurity Awareness Month. Then November arrives, an employee clicks a credential-harvesting link, and

Carl B. Johnson May 07, 2026 5 min read
Cyber Security

Cyber Security in 2026: What Actually Stops Breaches

A $9.5 Billion Problem That Keeps Getting Worse The FBI's Internet Crime Complaint Center (IC3) reported $12.5 billion in cybercrime losses in 2023 — a figure that's only climbed since. If you're searching for answers about cyber security, you're asking the

Carl B. Johnson May 05, 2026 5 min read
Shadow IT Risks

Shadow IT Risks: The Threats Hiding in Your Network

In 2023, a midsize healthcare company discovered that an employee had been syncing patient records to a personal Dropbox account for over two years. No malicious intent — just convenience. The result was a HIPAA violation, a six-figure settlement, and a brutal lesson in shadow IT risks that the organization'

Carl B. Johnson May 04, 2026 5 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability gave threat actors a master key to thousands of organizations — not through their own systems, but through a single third-party file transfer tool. Over 2,600 organizations and 77 million individuals were impacted, according to

Carl B. Johnson May 04, 2026 6 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and gained access to the company's entire network. The result: over $100 million in losses, days of disrupted operations,

Carl B. Johnson May 03, 2026 6 min read
Cyber Security

Cyber Security in 2026: What Actually Works Now

The Breach That Changed How I Think About Cyber Security In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for millions of Americans. UnitedHealth Group confirmed paying a $22 million ransom. The attack vector? Stolen credentials on a system that lacked multi-factor authentication. One missing

Carl B. Johnson May 02, 2026 5 min read
NIST Standards

NIST Standards: What Actually Matters for Your Security

800 Pages of Security Guidance — and Most Teams Read None of It In 2023, the MOVEit Transfer breach compromised data from over 2,600 organizations worldwide. Many of those organizations claimed compliance with major frameworks. The problem wasn't that NIST standards didn't cover the vulnerability class

Carl B. Johnson May 01, 2026 5 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

A Poster on the Breakroom Wall Never Stopped a Breach In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state malware. Just a phone call.

Carl B. Johnson Apr 30, 2026 5 min read
What Is Cybersecurity

What Is Cybersecurity? A Practitioner's Real-World Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a ten-minute phone call. That single conversation gave attackers the keys to slot machines, hotel room systems, and customer data across an entire casino empire. If

Carl B. Johnson Apr 30, 2026 5 min read