Tag

security awareness training

Resources and best practices for designing and delivering effective security awareness training programs. Covers phishing simulations, compliance requirements, behavior change techniques, measuring training effectiveness, and fostering a culture of vigilance across organizations.

posts

phishing email

Phishing Email Attacks: What They Look Like in 2021

In May 2021, a single phishing email led to the shutdown of Colonial Pipeline — the largest fuel pipeline in the United States. The attackers used compromised credentials, likely harvested through a phishing campaign, to deploy ransomware that disrupted fuel supply across the entire East Coast. That one email triggered panic

Carl B. Johnson Aug 18, 2021 7 min read
cybersecurity

Cybersecurity in 2021: What Actually Works Right Now

The Colonial Pipeline Attack Changed Everything On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom to the DarkSide threat actor group — and Americans along the East Coast panic-bought gasoline for days. That'

Carl B. Johnson Jul 01, 2021 7 min read
computer security

Computer Security in 2021: What Actually Works Now

The Colonial Pipeline Hack Changed the Conversation On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware group. Gas stations across the Southeast ran dry. Panic buying erupted.

Carl B. Johnson Jun 03, 2021 7 min read
cyber security

Cyber Security Basics That Actually Stop Breaches

The Colonial Pipeline Hack Was a Wake-Up Call Nobody Should Have Needed On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom to the DarkSide threat actor group, and fuel shortages rippled across the

Carl B. Johnson Jun 01, 2021 6 min read
computer security software

Computer Security Software: What Actually Stops Breaches

The Colonial Pipeline Just Proved Your Software Isn't Enough On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline's systems went dark, gasoline shortages spread across the Southeast, and a ransomware gang called DarkSide walked away

Carl B. Johnson May 18, 2021 6 min read
phishing email

How to Recognize a Phishing Email Before You Click

The Colonial Pipeline Attack Started with a Single Compromised Credential As I write this, Colonial Pipeline is still scrambling to restore fuel delivery to the southeastern United States after a ransomware attack that shut down 5,500 miles of pipeline. The FBI confirmed DarkSide as the threat actor. While the

Carl B. Johnson May 13, 2021 7 min read
insider threat indicators

Insider Threat Indicators: Spotting Danger Before Damage

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker hijacked accounts belonging to Barack Obama, Elon Musk, and Apple — tweeting a Bitcoin scam to millions. The breach didn't start with a sophisticated exploit or zero-day vulnerability. It

Carl B. Johnson Dec 12, 2020 7 min read
phish

Phish: How One Click Costs Companies Millions

One Phish Email Took Down a $60 Billion Company's Defenses In 2023, MGM Resorts International lost roughly $100 million after a social engineering attack that started with a single phone call to their help desk. But most attacks don't even require that much effort. The average

Carl B. Johnson Feb 28, 2020 7 min read
phishing training for employees

Phishing Training for Employees: What Actually Works

In 2023, MGM Resorts lost roughly $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way past security controls. No zero-day exploit. No nation-state malware. Just a phone call. That incident crystallized something I've been telling organizations for

Carl B. Johnson Feb 09, 2020 8 min read