Access guidance on designing and implementing employee security training programs that reduce human risk. Topics include security onboarding, ongoing awareness campaigns, compliance requirements, and measuring training effectiveness across your organization.
posts
The Threat Already Inside Your Building In January 2023, the FBI arrested a former GE Aviation employee who had spent years downloading thousands of proprietary turbine technology files and transferring trade secrets to a competing business in China. The insider had legitimate access. He passed every background check. He sat
A $1.3 Million Fine for Skipping the Basics In 2023, the U.S. Department of Health and Human Services fined Lafourche Medical Group $480,000 for a phishing attack that compromised nearly 35,000 patient records. The root cause wasn't a sophisticated zero-day exploit. It was the
The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a social engineering message to an Uber employee, pretending to be IT support. The employee handed over credentials. Within hours, the attacker had access to internal systems, the company's HackerOne vulnerability reports,
Your Board Doesn't Care About Completion Rates I sat in a boardroom last year where a CISO proudly presented a 97% training completion rate. The CFO's response: "So why did we just pay $2.3 million to recover from a ransomware attack?" That question
Your Training Program Might Be Failing — and You'd Never Know In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. Organizations with security awareness training and incident response planning cut that number dramatically. But here's
A Single Click Cost One Company $100 Million In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack — a threat actor called the help desk, impersonated an employee, and gained access to internal systems. The entire breach hinged on human behavior, not a firewall failure. That
