Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Cyber Security

Cyber Security in 2026: What Actually Stops Breaches

A $9.5 Billion Problem That Keeps Getting Worse The FBI's Internet Crime Complaint Center (IC3) reported $12.5 billion in cybercrime losses in 2023 — a figure that's only climbed since. If you're searching for answers about cyber security, you're asking the

Carl B. Johnson May 05, 2026 5 min read
Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

A Single Email That Cost $100 Million In 2019, Toyota Boshoku Corporation lost $37 million after an employee followed wire transfer instructions in a fraudulent email. Facebook and Google collectively lost over $100 million to a Lithuanian threat actor who sent fake invoices posing as a hardware vendor. These aren&

Carl B. Johnson May 05, 2026 5 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability gave threat actors a master key to thousands of organizations — not through their own systems, but through a single third-party file transfer tool. Over 2,600 organizations and 77 million individuals were impacted, according to

Carl B. Johnson May 04, 2026 6 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

Your Employees' Phones Are Under Siege In March 2024, MGM Resorts was still reeling from one of the most expensive social engineering attacks in corporate history — one that started with a phone call, not an email. That incident cost the company over $100 million. And it's not

Carl B. Johnson May 04, 2026 6 min read
Phishing

Phishing Attacks in 2026: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Lands You Here Here's something I find fascinating — "phising" is one of the most commonly misspelled cybersecurity terms on the internet. If you searched for it, you're in exactly the right place. Phishing (with the

Carl B. Johnson May 02, 2026 6 min read
Cyber Security

Cyber Security in 2026: What Actually Works Now

The Breach That Changed How I Think About Cyber Security In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for millions of Americans. UnitedHealth Group confirmed paying a $22 million ransom. The attack vector? Stolen credentials on a system that lacked multi-factor authentication. One missing

Carl B. Johnson May 02, 2026 5 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

A Poster on the Breakroom Wall Never Stopped a Breach In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state malware. Just a phone call.

Carl B. Johnson Apr 30, 2026 5 min read
Data Breach

What Causes a Data Breach: 7 Root Causes in 2026

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state tooling. Just a phone call. If you want to understand what causes a data breach,

Carl B. Johnson Apr 30, 2026 5 min read
Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past an IT help desk — with a single phone call. That one interaction led to a ransomware attack that shut down slot machines, hotel check-ins, and digital key cards across Las

Carl B. Johnson Apr 29, 2026 5 min read