Access guidance on designing and implementing employee security training programs that reduce human risk. Topics include security onboarding, ongoing awareness campaigns, compliance requirements, and measuring training effectiveness across your organization.
posts
The FTC Doesn't Care About Your Good Intentions In 2023, the FTC finalized an order against Drizly — an online alcohol delivery company — after a data breach exposed the personal information of roughly 2.5 million consumers. The kicker? The FTC didn't just go after the company.
In 2024, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk employee. The threat actor impersonated an employee, convinced IT staff to reset credentials, and within hours had access to critical systems. One conversation. No malware.
In January 2024, the U.S. Department of Justice charged a former Google engineer with stealing proprietary AI trade secrets while secretly working for two China-based companies. He had access for years. He passed background checks. He was a trusted employee. And that's exactly the point — the most
Computer security and cybersecurity are often used interchangeably — but they are not the same thing. Understanding the distinction, and the history behind both terms, helps organizations build stronger defenses.
AI-generated phishing emails are nearly indistinguishable from legitimate messages. Here is how to build a phishing awareness training program that gives employees the skills to spot them.
Modern phishing emails look exactly like the real thing. No typos, no suspicious attachments — just a convincing message designed to make you act without thinking. Here is how to spot them.
The $4.88 Million Lesson Most Organizations Still Haven't Learned IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest figure ever recorded. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involved
In January 2025, a finance employee at a multinational firm joined a video call with what appeared to be their CFO and several colleagues. Every face on the screen was a deepfake. The employee transferred $25 million before anyone realized what happened. That incident — reported by CNN and confirmed by
In May 2024, a single employee at a midsize healthcare company clicked a link in what looked like a routine Microsoft 365 password reset email. Within 72 hours, a threat actor had exfiltrated 1.4 million patient records, triggered a ransomware payload, and the organization was staring down an eight-figure
In October 2024, the FTC finalized a settlement with Marriott International and its subsidiary Starwood Hotels over data breaches that exposed the personal information of 344 million customers. Among the FTC's requirements: Marriott had to implement a comprehensive information security program — including mandatory employee training. That wasn'
