Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Cybersecurity for Healthcare

Cybersecurity for Healthcare Organizations: A 2022 Guide

In October 2020, the FBI, CISA, and HHS issued a joint advisory warning of an "imminent and increased" threat of ransomware attacks against U.S. hospitals. Within weeks, Universal Health Services — a Fortune 500 hospital chain operating 400 facilities — confirmed a Ryuk ransomware attack that forced staff to

Carl B. Johnson Jan 01, 2022 7 min read
Security Awareness Metrics

Security Awareness Metrics That Actually Prove ROI

In 2020, a mid-sized healthcare provider invested $250,000 in a security awareness program. Twelve months later, the CISO couldn't answer one question from the board: "Is it working?" No baseline measurements. No tracking. No defensible data. That CISO is now updating a résumé. I'

Carl B. Johnson Nov 28, 2021 7 min read
Security Awareness Training

How to Measure Security Awareness Training ROI

In March 2021, a single employee at a water treatment plant in Oldsmar, Florida clicked through a remote access session that could have poisoned a city's water supply. The attacker gained entry through a shared TeamViewer password — no phishing email required. The incident raised a question that boardrooms

Carl B. Johnson Nov 28, 2021 7 min read
Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $150 Investment vs. a $4.24 Million Breach In March 2021, CNA Financial — one of the largest insurance companies in the U.S. — paid a reported $40 million ransom after a ransomware attack that started with a single employee interaction. That's not a typo. Forty million dollars

Carl B. Johnson Nov 28, 2021 7 min read
Cybersecurity for Executives

Cybersecurity for Executives: What Boards Get Wrong

When Colonial Pipeline's CEO Joseph Blount testified before the Senate in June 2021, he admitted the company paid $4.4 million in ransom after a single compromised password shut down the largest fuel pipeline in the United States. No multi-factor authentication. No segmentation between IT and operational technology.

Carl B. Johnson Nov 28, 2021 6 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In July 2021, a single phishing email gave attackers access to an employee's credentials at a Florida managed service provider, which cascaded into the massive Kaseya VSA ransomware attack affecting up to 1,500 businesses worldwide. One click. One employee who didn't know how to spot

Carl B. Johnson Aug 31, 2021 8 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns Explained

A Ransomware Group That Starts With Your Inbox In June 2021, a mid-sized manufacturer discovered every file server in their environment encrypted. The ransom note was signed "Medusa." The entry point? A single phishing email that harvested an employee's VPN credentials. The Medusa ransomware gang phishing

Carl B. Johnson Aug 31, 2021 7 min read