Tag

Employee Cybersecurity Training

Employee cybersecurity training posts help organizations educate their workforce on recognizing threats and following security protocols. Content covers onboarding training modules, role-based instruction, ongoing reinforcement techniques, and methods for reducing human error in security incidents.

posts

Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In March 2020, a single phishing email led to a credential theft incident at Magellan Health that exposed data on 365,000 patients. The attacker impersonated a Magellan executive, tricked one employee, and spent five days inside the network before anyone noticed. A functioning phishing awareness program might have stopped

Carl B. Johnson Apr 15, 2021 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In December 2020, FireEye disclosed one of the most sophisticated supply chain attacks in history — the SolarWinds breach. Threat actors compromised a trusted software update, slipping past automated defenses at over 18,000 organizations including multiple U.S. government agencies. But here's the detail that gets buried: investigators

Carl B. Johnson Apr 02, 2021 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

One Month Won't Save You — But It Can Start Something That Does In October 2020, during Cybersecurity Awareness Month, a major hospital chain — Universal Health Services — was fighting off one of the largest ransomware attacks in U.S. healthcare history. The Ryuk ransomware hit over 400 facilities. Staff

Carl B. Johnson Apr 02, 2021 6 min read
Phishing Simulation Training

Phishing Simulation Training: Why Most Programs Fail

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. One conversation. No malware payload, no zero-day exploit, no sophisticated code. Just a human being who wasn't prepared for the moment. That'

Carl B. Johnson Jan 19, 2020 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

One Click Cost Them $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained access to internal systems. The resulting ransomware attack cost

Carl B. Johnson Jan 19, 2020 7 min read