Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $100 Million In 2019, a UK-based energy company's CEO received a phone call from what he believed was his boss — the head of the parent company in Germany. The voice was perfect. The accent, the tone, the speech patterns — all spot

Carl B. Johnson Apr 21, 2022 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In March 2022, the Lapsus$ threat actor group breached Okta by socially engineering a third-party support contractor. No malware. No zero-day exploit. Just a human being who got manipulated. The breach potentially affected hundreds of Okta's enterprise customers, and it started with the simplest attack vector there is

Carl B. Johnson Apr 04, 2022 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Okta, Microsoft, Samsung, and Nvidia in rapid succession. Their primary weapon wasn't a sophisticated zero-day exploit. It was employee cybersecurity training failures: stolen credentials, SIM swapping, and social engineering attacks that targeted the humans sitting

Carl B. Johnson Apr 04, 2022 7 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2022

One Click Cost This Company Everything In March 2022, a single employee at Nvidia clicked something they shouldn't have. The Lapsus$ threat actor group walked away with over a terabyte of proprietary data, including employee credentials and source code. Nvidia isn't a small shop with weak

Carl B. Johnson Apr 04, 2022 7 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A Practical Defense Guide

The Breach That Started on a Kitchen Table In December 2020, a SolarWinds contractor working from home reportedly used the password "solarwinds123" on a critical server. That single weak credential contributed to one of the most devastating supply chain attacks in history, compromising at least nine U.S.

Carl B. Johnson Jan 15, 2022 7 min read
Securing Remote Employees

Securing Remote Employees: A Practical Guide for 2022

In July 2021, a ransomware attack on Kaseya's VSA software cascaded through managed service providers and hit up to 1,500 businesses — many of them small companies with remote workers connecting through poorly secured endpoints. The REvil gang demanded $70 million. That single incident crystallized what I'

Carl B. Johnson Jan 15, 2022 8 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2022

When Colonial Pipeline shut down 5,500 miles of fuel infrastructure in May 2021 due to a single compromised password, it wasn't a failure of technology. It was a failure of framework. The company lacked the layered defenses, detection capabilities, and response plans that the NIST Cybersecurity Framework

Carl B. Johnson Jan 01, 2022 7 min read