Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Security Awareness Training

How to Measure Security Awareness Training ROI

Your Training Program Might Be Failing — and You'd Never Know In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. Organizations with security awareness training and incident response planning cut that number dramatically. But here's

Carl B. Johnson Sep 01, 2019 8 min read
Cybersecurity Gamification Training

Cybersecurity Gamification Training That Actually Works

A 45-Minute Training Video Nobody Watched In 2023, a mid-size healthcare company I consulted for spent $60,000 on a compliance-focused security awareness program. It featured a 45-minute narrated slideshow, a 10-question quiz, and a certificate of completion. Their post-training phishing simulation results? A 31% click rate — virtually unchanged from

Carl B. Johnson Sep 01, 2019 7 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns: What to Know

In March 2025, CISA and the FBI issued a joint advisory warning that the Medusa ransomware gang had compromised over 300 organizations across critical infrastructure sectors — healthcare, education, legal, insurance, and manufacturing. The attack vector wasn't some exotic zero-day exploit. It was phishing. Specifically, carefully crafted Medusa ransomware

Carl B. Johnson Jul 04, 2019 6 min read
Phish

How to Phish Your Own Employees Before Hackers Do

A Single Phish Email Cost One Company $37 Million In 2024, Orion SA disclosed that a single employee fell for a business email compromise scheme and wired approximately $60 million to a threat actor's accounts. The company recovered some funds, but the net loss still exceeded $37 million.

Carl B. Johnson Jul 04, 2019 6 min read
Phishing

Phishing: Why It Still Works and How to Stop It

A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million to a single business email compromise attack. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices via email over a two-year period. These weren't sophisticated

Carl B. Johnson Jun 23, 2019 7 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Playlist

Your Organization Needs a Phish Setlist — Not Just One Test In 2023, the FBI's IC3 received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. Yet most organizations I work with still run the same single phishing simulation once a

Carl B. Johnson Jun 23, 2019 6 min read