Tag

security awareness training

Resources and best practices for designing and delivering effective security awareness training programs. Covers phishing simulations, compliance requirements, behavior change techniques, measuring training effectiveness, and fostering a culture of vigilance across organizations.

posts

securing employee mobile devices

Securing Employee Mobile Devices: A Practical Guide

In 2024, a single compromised employee smartphone gave a threat actor full access to a healthcare company's patient records — 1.4 million individuals affected, an OCR investigation opened, and a brand reputation shattered. The initial vector? A phishing link sent via SMS that bypassed every email filter the

Carl B. Johnson Sep 08, 2019 6 min read

phishing attack

Phishing Attack Anatomy: How Breaches Actually Start

A Single Click That Cost $100 Million

In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phishing attack that started with a phone call to an IT help desk. Threat actors from the Scattered Spider group used social engineering to impersonate

Carl B. Johnson Mar 20, 2019 7 min read

FBI Gmail

FBI Gmail Warnings: What Every Organization Must Do Now

The FBI Gmail Alert That Should Have Your Full Attention

In 2023, the FBI's Internet Crime Complaint Center (IC3) received over 298,000 phishing complaints — and Gmail accounts were among the most targeted. The FBI has repeatedly issued warnings about sophisticated phishing campaigns targeting Gmail users, including AI-generated

Carl B. Johnson Mar 07, 2019 7 min read

cyber security

Cyber Security in 2026: What Actually Works Now

In March 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for nearly every hospital and pharmacy in the United States. The root cause? Stolen credentials on a system without multi-factor authentication. One overlooked gap in cyber security brought a $32 billion company to its knees and

Carl B. Johnson Feb 25, 2019 6 min read

computer security

Computer Security in 2026: What Actually Works Now

The Breach That Changed How I Think About Computer Security

In early 2024, Change Healthcare — one of the largest health payment processors in the United States — got hit with a ransomware attack that disrupted pharmacy operations, delayed patient care, and exposed the protected health information of roughly 100 million individuals.

Carl B. Johnson Feb 25, 2019 7 min read