Tag

phishing prevention

Targeted advice on identifying and stopping phishing attacks before they cause damage. Topics include recognizing social engineering tactics, deploying email filtering tools, conducting phishing simulations, and training employees to report suspicious messages promptly.

posts

computer security

Computer Security in 2026: What Actually Works Now

In 2023, MGM Resorts lost roughly $100 million from a single social engineering phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and within minutes had the credentials needed to deploy ransomware across the entire enterprise. That's not a firewall failure. That&

Carl B. Johnson Jun 29, 2026 5 min read
phishing simulation training

Phishing Simulation Training: Why Most Programs Fail

A 60% Click Rate That Should Have Been a Wake-Up Call I ran a phishing simulation training exercise for a mid-size logistics company last year. The first campaign used a fake Microsoft 365 password reset email — nothing fancy, no zero-day exploit, just a convincing lure. Sixty percent of employees clicked.

Carl B. Johnson Jun 22, 2026 5 min read
CISA cybersecurity guidelines

CISA Cybersecurity Guidelines: What Actually Matters

In February 2024, CISA issued an emergency directive after a threat actor compromised Microsoft's corporate email systems and accessed correspondence from multiple federal agencies. The directive forced agencies to reset credentials, review logs, and report back within days. That single incident crystallized something I've been telling

Carl B. Johnson May 16, 2026 6 min read
computer security advice

Computer Security Advice That Actually Works in 2026

The Breach That Started With a Single Browser Extension In early 2024, a data breach at a mid-size healthcare firm started not with some sophisticated zero-day exploit, but with a Chrome extension an employee installed to manage their tabs. That extension harvested saved passwords, session cookies, and browser history. Within

Carl B. Johnson May 15, 2026 5 min read
computer security

Computer Security in 2025: What Actually Works Now

In February 2025, the FBI's Internet Crime Complaint Center reported that cybercrime losses in 2024 exceeded $16 billion — a staggering jump from the $12.5 billion reported the year before. That number landed like a gut punch across the security community, but honestly, none of us were surprised.

Carl B. Johnson Nov 06, 2025 7 min read
cybersecurity tips

Cybersecurity Tips That Actually Work in 2025

The Breach That Started With a Single Password In January 2024, Microsoft disclosed that a Russian threat actor group known as Midnight Blizzard accessed corporate email accounts — including those of senior leadership — using nothing more than a password spray attack against a legacy test account that lacked multi-factor authentication. No

Carl B. Johnson Nov 06, 2025 7 min read
computer security

Computer Security in 2024: What Actually Works Now

In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was hit by a ransomware attack that disrupted pharmacy operations, delayed patient care, and potentially exposed the protected health information of tens of millions of Americans. The root cause? Compromised credentials on a remote

Carl B. Johnson Jul 10, 2024 7 min read
pretexting attacks

Pretexting Attack Examples: Real Scams Costing Millions

In 2023, a finance employee at a multinational firm wired $25 million after a video call with someone they believed was their CFO. It wasn't. The entire call — every face, every voice — was a deepfake fabricated by threat actors who'd spent weeks building a detailed pretext.

Carl B. Johnson Apr 07, 2024 7 min read
computer security

Computer Security in 2022: What Actually Works Now

In March 2022, Okta confirmed that the Lapsus$ threat actor group had accessed an internal support engineer's laptop, potentially affecting hundreds of downstream customers. A few weeks before that, the same group hit Nvidia, Samsung, and Microsoft. These weren't obscure targets. These were companies with massive

Carl B. Johnson Aug 11, 2022 6 min read
CISA cybersecurity guidelines

CISA Cybersecurity Guidelines: What They Mean for You

The Federal Agency Most Hackers Wish You'd Ignore In May 2021, Colonial Pipeline paid $4.4 million in ransom after a single compromised password shut down fuel delivery across the Eastern Seaboard. Within days, CISA — the Cybersecurity and Infrastructure Security Agency — issued an advisory with specific defensive measures

Carl B. Johnson Jan 01, 2022 7 min read