Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, threat actors had hijacked 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — and used them to run a Bitcoin scam. The breach didn't start with a
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker had hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — tweeting a Bitcoin scam that netted over $100,000. The most sophisticated firewall in the world wouldn&
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal tool credentials. Within hours, threat actors had hijacked high-profile accounts — Barack Obama, Elon Musk, Apple — and ran a Bitcoin scam that netted over $100,000. The breach didn't start with a zero-day exploit
A Disgruntled Engineer, a Careless Accountant, and $11.45 Billion in Losses In 2018, a former Tesla employee reportedly sabotaged the company's manufacturing systems and exfiltrated sensitive data to third parties. That same year, countless organizations bled data because an employee clicked a phishing link or misconfigured a
In July 2020, Twitter disclosed that attackers had compromised 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — by socially engineering their way past internal employees. The attackers didn't breach a firewall. They didn't exploit a zero-day vulnerability. They simply convinced insiders to hand over
The Largest Unplanned Security Experiment in History In March 2020, roughly 16 million U.S. knowledge workers shifted to remote work within two weeks. That's not a migration. That's an evacuation. And like any evacuation, people grabbed what they could and ran — personal laptops, home Wi-Fi
In April 2020, the FBI's Internet Crime Complaint Center reported it was receiving between 3,000 and 4,000 cybersecurity complaints per day — a roughly 400% increase from pre-pandemic levels. The single biggest catalyst? Millions of employees suddenly working from home on networks and devices that no corporate
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee using information scraped from LinkedIn. One phone call. One employee without clear verification protocols. That's all it took to shut down slot machines, hotel key cards, and reservation systems across
The Audit Finding That Costs More Than the Breach In 2023, a regional healthcare provider in Oklahoma paid a $1.3 million HIPAA settlement to the Office for Civil Rights. The root cause wasn't a sophisticated nation-state attack. It was a phishing email that an untrained employee clicked
In January 2024, CISA issued Emergency Directive 24-01 after a nation-state threat actor compromised Microsoft's corporate email environment. Federal agencies scrambled to audit their own Microsoft tenants. The directive wasn't theoretical — it was an emergency response to a real breach affecting the backbone of government communications.
