Resources focused on building a security-conscious workforce through training, awareness campaigns, and policy enforcement. Topics include phishing simulations, security onboarding programs, acceptable use policies, and techniques for fostering lasting behavioral change among employees.
posts
One Employee Stole Data. The Other Just Clicked a Link. Both Cost Millions. In 2022, a former Amazon employee was convicted for her role in the Capital One breach that exposed over 100 million customer records. That same year, the Verizon Data Breach Investigations Report found that 82% of breaches
Your Employees Are Hungry — And Threat Actors Are Cooking In 2023, the FBI's Internet Crime Complaint Center (IC3) logged over 298,000 phishing complaints — more than any other cybercrime category for the fifth year running. That's nearly 817 reported phishing attacks per day. And those are
The Receptionist Who Stopped a $3 Million Wire Fraud In 2023, a business email compromise attack targeted a mid-size manufacturing company in Ohio. The threat actor had spoofed the CEO's email perfectly. The wire transfer request looked legitimate. But a receptionist — someone with zero technical background — noticed the
Your Employees Are Phish Food — And Threat Actors Know It In March 2025, the FBI's Internet Crime Complaint Center (IC3) released its 2024 annual report showing over $16 billion in reported cybercrime losses — the highest figure ever recorded. Phishing and its variants topped the list of complaint types
In 2024, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into a network reset. No zero-day exploit. No nation-state malware. Just a phone call. That single incident proved what I've been
One Clicked a Link. The Other Sold the Data. Both Cost Millions. In 2023, Tesla disclosed that two former employees had leaked the personal information of over 75,000 people — including Social Security numbers — to a foreign media outlet. That same year, the Verizon 2023 Data Breach Investigations Report confirmed
In 2023, MGM Resorts lost an estimated $100 million after a single social engineering phone call tricked an IT help desk employee into resetting credentials. One employee. One question they got wrong in real life — not on a cybersecurity awareness quiz, but in a live attack. The attacker found a
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They exploited a person — someone who hadn't been trained to recognize what was happening. That single
In May 2024, the FBI's Internet Crime Complaint Center released data showing that phishing was still the number one reported cybercrime — for the fifth year running. Over 298,000 complaints in 2023 alone. Despite billions spent on email filters and endpoint protection, threat actors keep winning because the
In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. One employee. One convincing lure. Twenty-five million dollars gone. That's not a hypothetical — it'
