Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Cybersecurity Awareness Training

Cybersecurity Awareness Training: Why "Free" Costs More

In January 2024, Microsoft disclosed that the Russian threat actor group Midnight Blizzard had breached corporate email accounts — not through some exotic zero-day exploit, but through a password spray attack on a legacy test account that lacked multi-factor authentication. One of the most well-resourced technology companies on the planet got

Carl B. Johnson Feb 28, 2024 7 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat That Already Has a Badge and a Password In January 2023, the FBI arrested a former GE employee and a collaborator for stealing trade secrets related to turbine technology — a scheme that had been running for years. The insider had legitimate access the entire time. No firewall stopped

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In January 2023, a former Tesla employee leaked the personal information of over 75,000 people — names, Social Security numbers, financial records — to a foreign news outlet. Tesla confirmed the breach wasn't caused by a sophisticated threat actor or a zero-day exploit. It was an insider. If you&

Carl B. Johnson Dec 09, 2023 7 min read
Cybersecurity for Financial Services

Cybersecurity for Financial Services: A Survival Guide

The Industry That Gets Hit Hardest — and Most Often In January 2023, ION Trading Technologies — a critical software vendor serving derivatives traders worldwide — got hit with a LockBit ransomware attack that forced dozens of financial institutions back to manual trade processing. For days. In one of the most automated industries

Carl B. Johnson Nov 09, 2023 8 min read
Security Awareness Metrics

Security Awareness Metrics That Prove ROI in 2023

When MGM Resorts got hit with a devastating social engineering attack in September 2023, it wasn't a firewall failure. It wasn't a zero-day exploit. A threat actor called the help desk, impersonated an employee, and walked right through the front door. The estimated cost? Over $100

Carl B. Johnson Sep 16, 2023 7 min read
Security Awareness Training

How to Measure Security Awareness Training Effectively

In 2022, Medibank — one of Australia's largest health insurers — suffered a breach that exposed 9.7 million customer records. The root cause? Compromised credentials. A single employee's stolen login led to one of the most damaging data breaches in Australian history. Medibank had security awareness training

Carl B. Johnson Sep 16, 2023 7 min read
Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $2.6 Million Invoice Nobody Budgeted For In March 2023, the city of Oakland, California declared a state of emergency after a ransomware attack crippled city services for weeks. Systems went offline. Sensitive employee data leaked onto the dark web. The estimated recovery cost? Millions. And the initial entry

Carl B. Johnson Jun 09, 2023 7 min read