Tag

Phishing Prevention

Delivers actionable advice on recognizing and preventing phishing attacks, including email phishing, spear phishing, smishing, and vishing. Covers detection techniques, employee training approaches, email security tools, and real-world phishing examples to strengthen your defenses.

posts

Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In early 2023, independent security researchers discovered yet another wave of publicly exposed Amazon S3 buckets leaking sensitive customer data — healthcare records, financial documents, personally identifiable information. None of these organizations were hacked in the traditional sense. They simply got their

Carl B. Johnson Nov 03, 2023 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical Field Guide

The $65 Million Misconfiguration Nobody Saw Coming In March 2023, Toyota disclosed that a cloud misconfiguration had exposed vehicle data on 2.15 million customers for over a decade. A single cloud storage bucket, left publicly accessible, quietly leaked data from 2012 to 2023. Nobody noticed for ten years. That&

Carl B. Johnson Nov 03, 2023 7 min read
BYOD Security Risks

BYOD Security Risks: What Your Policy Is Missing

In January 2023, T-Mobile disclosed that a threat actor had stolen data on 37 million customer accounts — and the intrusion reportedly exploited an API accessible from systems that included employee-used devices. It wasn't a sophisticated zero-day. It was a gap in how endpoints and access were managed. If

Carl B. Johnson Sep 18, 2023 7 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

A Single Employee Click Cost MGM Resorts $100 Million In September 2023, MGM Resorts International disclosed a devastating cyberattack that disrupted hotel operations, slot machines, and reservation systems across Las Vegas. The attack vector? A social engineering phone call. A threat actor impersonated an employee, called the IT help desk,

Carl B. Johnson Sep 16, 2023 8 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In January 2023, T-Mobile disclosed that a threat actor had stolen data on roughly 37 million customer accounts by exploiting a single API vulnerability. But here's what most people missed in the headlines — the breach went undetected for over a month. That's not just a technology

Carl B. Johnson Sep 16, 2023 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2023

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% jump from 2021. The vast majority of those losses traced back to failures in basic security practices. Not zero-day exploits. Not nation-state attacks. Basic, preventable

Carl B. Johnson Jun 08, 2023 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% increase from the year before. The uncomfortable truth? Most of those losses trace back to failures in basic security practices, not sophisticated zero-day exploits. A

Carl B. Johnson Jun 08, 2023 7 min read
Cybersecurity for Executives

Cybersecurity for Executives: What Boards Must Know Now

The SolarWinds Wake-Up Call That Still Echoes in Every Boardroom When SolarWinds disclosed its massive supply chain compromise in late 2020, it wasn't just IT teams scrambling — it was CEOs fielding calls from senators, board members demanding answers they didn't have, and general counsel mapping out

Carl B. Johnson Jun 08, 2023 7 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What It Really Takes

The $350 Million Lesson Marriott Learned After Closing the Deal When Marriott acquired Starwood Hotels in 2016, the deal looked like a hospitality industry win. What nobody caught during cybersecurity due diligence was that Starwood's reservation system had been compromised since 2014. The breach wasn't discovered

Carl B. Johnson Jun 06, 2023 7 min read