Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
The $5.8 Billion Wake-Up Call You Can't Afford to Ignore In 2023, the FTC finalized sweeping updates to the Safeguards Rule. By 2024, enforcement actions were landing on companies most people had never heard of — small mortgage brokers, auto dealers, online retailers. The message was clear: the
A Single Ransomware Attack Shut Down Patient Care for 28 Days In early 2024, Change Healthcare — one of the largest health payment processors in the United States — was hit by the ALPHV/BlackCat ransomware group. The breach disrupted claims processing for thousands of providers nationwide. UnitedHealth Group later confirmed approximately
The Breach That Cost a Children's Charity Everything In 2023, Save the Children Federation confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global nonprofit with significant resources still
The Sector Threat Actors Love to Target In September 2023, the Minneapolis Public Schools district saw 300,000 files dumped on the dark web after refusing to pay a $1 million ransom. Student psychological evaluations, sexual assault reports, Social Security numbers — all publicly exposed. That breach wasn't an
A Single Checkbox Left 100 Million Records Exposed In 2019, a former cloud engineer exploited a misconfigured web application firewall at Capital One and accessed over 100 million customer records stored in AWS S3 buckets. The breach cost Capital One over $270 million in settlements and remediation. The root cause
The Misconfigured Bucket That Exposed 540 Million Records In 2019, researchers at UpGuard discovered that Facebook app developers had stored hundreds of millions of user records in Amazon S3 buckets with public access enabled. No hacking. No zero-day exploit. Just a misconfiguration checkbox that nobody reviewed. That single oversight sits
The Misconfiguration That Exposed 100 Million Records In 2019, Capital One learned the hard way that a single misconfigured web application firewall in AWS could expose the personal data of over 100 million customers. The breach cost the company more than $270 million in fines and remediation. That incident wasn&
The SaaS Sprawl Nobody's Watching In 2023, a single misconfigured Salesforce Community site exposed sensitive health records from a government agency in Vermont. The data was public for months before anyone noticed. The application wasn't hacked in any traditional sense — it was simply left open because
A Single Lost Phone Cost This Company $3.3 Million In 2023, the healthcare provider Yakima Valley Memorial Hospital disclosed a data breach where a security guard used login credentials on a personal mobile device to access the records of over 400 patients. That incident triggered an OCR investigation, reputational
The Personal Phone That Took Down a Hospital Network In 2023, a nurse at a mid-sized hospital plugged a personal phone into a workstation USB port to charge it. That phone was already compromised with malware from a sideloaded app. Within 72 hours, threat actors had lateral movement across the
