Tag

security awareness training

Resources and best practices for designing and delivering effective security awareness training programs. Covers phishing simulations, compliance requirements, behavior change techniques, measuring training effectiveness, and fostering a culture of vigilance across organizations.

posts

phishing meaning

Phishing Meaning: What It Really Is and Why It Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. That's where phishing lives now — far beyond

Carl B. Johnson Sep 18, 2024 7 min read
computer security

Computer Security in 2024: What Actually Works Now

In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was hit by a ransomware attack that disrupted pharmacy operations, delayed patient care, and potentially exposed the protected health information of tens of millions of Americans. The root cause? Compromised credentials on a remote

Carl B. Johnson Jul 10, 2024 7 min read
computer security advice

Computer Security Advice That Actually Stops Breaches

The Breach That Started With a Single Reused Password In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor — Midnight Blizzard — breached executive email accounts using a password spray attack against a legacy test account that lacked multi-factor authentication. Microsoft. One of the largest technology companies on Earth. Compromised

Carl B. Johnson May 13, 2024 7 min read
pretexting attacks

Pretexting Attack Examples: Real Scams Costing Millions

In 2023, a finance employee at a multinational firm wired $25 million after a video call with someone they believed was their CFO. It wasn't. The entire call — every face, every voice — was a deepfake fabricated by threat actors who'd spent weeks building a detailed pretext.

Carl B. Johnson Apr 07, 2024 7 min read
cyber security

Cyber Security in 2022: What's Actually Breaking

In March 2022, Okta confirmed that the Lapsus$ threat actor group had breached a third-party support contractor, potentially affecting hundreds of enterprise customers. A few weeks later, the same group hit Microsoft, Nvidia, and Samsung. These weren't obscure targets — they were companies with massive cyber security budgets, sophisticated

Carl B. Johnson Aug 11, 2022 7 min read
computer security

Computer Security in 2022: What Actually Works Now

In March 2022, Okta confirmed that the Lapsus$ threat actor group had accessed an internal support engineer's laptop, potentially affecting hundreds of downstream customers. A few weeks before that, the same group hit Nvidia, Samsung, and Microsoft. These weren't obscure targets. These were companies with massive

Carl B. Johnson Aug 11, 2022 6 min read
CISA cybersecurity guidelines

CISA Cybersecurity Guidelines: What They Mean for You

The Federal Agency Most Hackers Wish You'd Ignore In May 2021, Colonial Pipeline paid $4.4 million in ransom after a single compromised password shut down fuel delivery across the Eastern Seaboard. Within days, CISA — the Cybersecurity and Infrastructure Security Agency — issued an advisory with specific defensive measures

Carl B. Johnson Jan 01, 2022 7 min read
phish

How One Phish Can Sink Your Entire Organization

A Single Phish Took Down a $4 Billion Pipeline In May 2021, a single compromised password — likely harvested through a phish or credential reuse — gave attackers access to Colonial Pipeline's network. The result: a ransomware attack that shut down 5,500 miles of fuel pipeline, triggered gas shortages

Carl B. Johnson Aug 31, 2021 8 min read