Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Cybersecurity for Healthcare

Cybersecurity for Healthcare Organizations: A Field Guide

In October 2023, the healthcare sector reported more data breaches than any other industry — again. Prospect Medical Holdings was still recovering from an August ransomware attack that forced hospitals across four states to divert ambulances and revert to paper records. CommonSpirit Health's 2022 breach affected over 600,000

Carl B. Johnson Nov 09, 2023 7 min read
Cloud Storage Security Risks

Cloud Storage Security Risks: What Your Team Ignores

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In early 2023, security researchers discovered that a misconfigured cloud storage instance at Toyota had been leaking vehicle location data for over a decade — affecting 2.15 million customers. That wasn't a sophisticated nation-state attack. It was a configuration

Carl B. Johnson Nov 03, 2023 7 min read
Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

The App Your Marketing Team Installed Last Tuesday Could Cost You Millions In 2022, a mid-size healthcare company discovered that an employee had been syncing patient records to a personal Dropbox account for three years. No malicious intent — they just wanted to work from home more easily. The resulting HIPAA

Carl B. Johnson Nov 03, 2023 7 min read
Shadow IT

What Is Shadow IT? The Hidden Risk Draining Your Security

The Salesforce Instance Nobody Knew About In 2022, a mid-size healthcare company discovered that one of its marketing teams had been running an entirely separate Salesforce instance — for eleven months. Patient-adjacent data sat in an environment with no encryption at rest, no access controls, and no logging. The IT security

Carl B. Johnson Nov 03, 2023 7 min read
SaaS Security

SaaS Security Best Practices: A Hands-On Guide

The Breach That Started With a Single SaaS Login In January 2023, Mailchimp disclosed its second major breach in less than a year. The cause? A threat actor used social engineering to trick an employee into handing over credentials to an internal tool. That single compromised SaaS login exposed 133

Carl B. Johnson Sep 29, 2023 7 min read
CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

In May 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — caused adjusted losses exceeding $2.7 billion in 2022 alone. That made it the single most financially devastating cybercrime category the FBI tracks. Not ransomware.

Carl B. Johnson Jun 08, 2023 7 min read
Executive Phishing Attacks

Executive Phishing Attacks: Why the C-Suite Is Ground Zero

In January 2022, a European subsidiary of the Japanese manufacturer Nikkei lost $29 million after a single employee followed wire transfer instructions from a fraudulent email that impersonated a senior executive. That wasn't a failure of firewalls or endpoint detection. It was a surgical, well-researched executive phishing attack

Carl B. Johnson Jun 08, 2023 7 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: Where Your Passwords End Up

In January 2023, Norton LifeLock disclosed that attackers used credential stuffing to compromise roughly 6,450 customer accounts. The passwords didn't come from a Norton breach. They came from stolen credentials dark web marketplaces had been selling for months — maybe years. The attackers simply bought username-password combos from

Carl B. Johnson Jun 06, 2023 7 min read