These articles guide organizations through designing, launching, and measuring security awareness training programs. Topics include curriculum development, phishing simulations, compliance requirements, engagement strategies, and metrics that demonstrate program effectiveness to leadership.
posts
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered a help desk employee. One phone call. One manipulated employee. That's all it took to bring a multi-billion-dollar company to its knees. The
In 2024, the average cost of a data breach hit $4.88 million globally, according to IBM's Cost of a Data Breach Report. The same report found that organizations with security awareness training programs and extensive security AI saved an average of $2.22 million per breach compared
In January 2024, Microsoft disclosed that a Russian threat actor group — Midnight Blizzard — had breached executive email accounts using a simple password spray attack against a legacy test account that lacked multi-factor authentication. One of the most technically sophisticated companies on the planet, compromised by one of the oldest tricks
In March 2020, a single employee at Magellan Health clicked a phishing email that impersonated an executive. The result: a ransomware attack that exposed personal data of over 365,000 individuals. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a firewall. They sent an
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered the company's IT help desk with a ten-minute phone call. The attacker didn't exploit a zero-day. They didn't brute-force a password. They simply convinced a human being to hand over
