Tag

Employee Security Training

Access guidance on designing and implementing employee security training programs that reduce human risk. Topics include security onboarding, ongoing awareness campaigns, compliance requirements, and measuring training effectiveness across your organization.

Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

A Single Employee Click Cost MGM Resorts $100 Million

In September 2023, MGM Resorts International disclosed a devastating cyberattack that disrupted hotel operations, slot machines, and reservation systems across Las Vegas. The attack vector? A social engineering phone call. A threat actor impersonated an employee, called the IT help desk,

Carl B. Johnson Sep 16, 2023 8 min read

Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In January 2023, T-Mobile disclosed that a threat actor had stolen data on roughly 37 million customer accounts by exploiting a single API vulnerability. But here's what most people missed in the headlines — the breach went undetected for over a month. That's not just a technology

Carl B. Johnson Sep 16, 2023 7 min read

Security Awareness Metrics

Security Awareness Metrics That Prove ROI in 2023

When MGM Resorts got hit with a devastating social engineering attack in September 2023, it wasn't a firewall failure. It wasn't a zero-day exploit. A threat actor called the help desk, impersonated an employee, and walked right through the front door. The estimated cost? Over $100

Carl B. Johnson Sep 16, 2023 7 min read

Security Awareness Training

How to Measure Security Awareness Training Effectively

In 2022, Medibank — one of Australia's largest health insurers — suffered a breach that exposed 9.7 million customer records. The root cause? Compromised credentials. A single employee's stolen login led to one of the most damaging data breaches in Australian history. Medibank had security awareness training

Carl B. Johnson Sep 16, 2023 7 min read

Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $2.6 Million Invoice Nobody Budgeted For

In March 2023, the city of Oakland, California declared a state of emergency after a ransomware attack crippled city services for weeks. Systems went offline. Sensitive employee data leaked onto the dark web. The estimated recovery cost? Millions. And the initial entry

Carl B. Johnson Jun 09, 2023 7 min read

Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2023

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% jump from 2021. The vast majority of those losses traced back to failures in basic security practices. Not zero-day exploits. Not nation-state attacks. Basic, preventable

Carl B. Johnson Jun 08, 2023 7 min read

Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

The 82% Problem Nobody Wants to Own

The 2022 Verizon Data Breach Investigations Report found that 82% of breaches involved a human element — phishing, stolen credentials, misuse, or simple error. That number has barely budged in years. And yet most organizations still treat cybersecurity awareness training as a checkbox exercise:

Carl B. Johnson Apr 04, 2022 8 min read

Cybersecurity Training for Employees

Cybersecurity Training for Employees: A Practical Guide

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Microsoft, Nvidia, Samsung, and Okta. They didn't use sophisticated zero-day exploits. They used social engineering. They bought credentials. They tricked employees. And they walked through the front door of some of the most well-resourced security

Carl B. Johnson Apr 04, 2022 6 min read

Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2022

One Click Cost This Company Everything

In March 2022, a single employee at Nvidia clicked something they shouldn't have. The Lapsus$ threat actor group walked away with over a terabyte of proprietary data, including employee credentials and source code. Nvidia isn't a small shop with weak

Carl B. Johnson Apr 04, 2022 7 min read