Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Social Engineering Examples

Social Engineering Examples That Fool Even Experts

The Phone Call That Cost MGM Resorts $100 Million In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced the technician to reset credentials. That single phone call triggered a ransomware attack that disrupted operations across Las Vegas

Carl B. Johnson Apr 04, 2026 5 min read
Phishing Email Detection

How to Recognize a Phishing Email Before You Click

In March 2024, a finance director at a mid-size manufacturer in Ohio wired $2.3 million to a threat actor who impersonated the company's CEO — all because of a single phishing email. The message looked perfect: right logo, right tone, right email signature. It even referenced an actual

Carl B. Johnson Apr 04, 2026 5 min read
Phishing Training for Employees

Phishing Training for Employees: What Actually Works

The Click That Cost One Company $47 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a social engineering phone call that led to credential theft and a devastating ransomware attack. The estimated cost exceeded $100 million. The attack vector? A

Carl B. Johnson Apr 02, 2026 5 min read
Insider Threat Awareness

Insider Threat Awareness: What Most Companies Miss

In January 2024, the U.S. Department of Justice charged a former Google engineer with stealing proprietary AI trade secrets while secretly working for two China-based companies. He had access for years. He passed background checks. He was a trusted employee. And that's exactly the point — the most

Carl B. Johnson Mar 31, 2026 5 min read
Cybersecurity for Financial Services

Cybersecurity for Financial Services: A 2026 Playbook

The Industry That Can't Afford a Single Mistake In November 2023, the SEC fined several financial advisory firms a combined total of nearly $750,000 for cybersecurity failures following credential theft incidents that exposed thousands of customer records. The firms had the basics — firewalls, antivirus — but lacked the

Carl B. Johnson Mar 29, 2026 5 min read
Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

One Reused Password Cost This Company $4.6 Billion In 2017, a single set of reused credentials let threat actors walk into Equifax's systems and expose 147 million records. The total cost exceeded $4.6 billion when you factor in the FTC settlement, lawsuits, and remediation. One password.

Carl B. Johnson Mar 29, 2026 5 min read
Cybersecurity Awareness Quiz

Cybersecurity Awareness Quiz: Test Your Team Now

93% of Breaches Start With a Person, Not a Firewall In 2023, Verizon's Data Breach Investigations Report confirmed what security professionals have been screaming about for years: the human element was involved in 74% of all breaches. By 2024, that figure remained stubbornly high. A cybersecurity awareness quiz

Carl B. Johnson Mar 28, 2026 5 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns: What to Know

The FBI Warned You About Medusa. Did You Listen? In March 2025, the FBI and CISA issued a joint advisory — #StopRansomware: Medusa Ransomware — warning that the Medusa ransomware gang had already hit over 300 organizations across critical infrastructure sectors. Healthcare, education, manufacturing, technology. The common thread? Nearly every intrusion started

Carl B. Johnson Jan 26, 2026 7 min read