Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
In January 2024, the U.S. Department of Justice charged a former Google engineer with stealing proprietary AI trade secrets while secretly working for two China-based companies. He had access for years. He passed background checks. He was a trusted employee. And that's exactly the point — the most
A $5.8 Million Wake-Up Call from the FTC In 2023, the FTC finalized a settlement with Drizly and its CEO after a data breach exposed the personal information of roughly 2.5 million consumers. What made this case unusual wasn't just the fine — it was that the
The Industry That Can't Afford a Single Mistake In November 2023, the SEC fined several financial advisory firms a combined total of nearly $750,000 for cybersecurity failures following credential theft incidents that exposed thousands of customer records. The firms had the basics — firewalls, antivirus — but lacked the
One Reused Password Cost This Company $4.6 Billion In 2017, a single set of reused credentials let threat actors walk into Equifax's systems and expose 147 million records. The total cost exceeded $4.6 billion when you factor in the FTC settlement, lawsuits, and remediation. One password.
93% of Breaches Start With a Person, Not a Firewall In 2023, Verizon's Data Breach Investigations Report confirmed what security professionals have been screaming about for years: the human element was involved in 74% of all breaches. By 2024, that figure remained stubbornly high. A cybersecurity awareness quiz
In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the
23 Billion Stolen Credentials Are Circulating Right Now In 2020, Digital Shadows found more than 15 billion stolen credentials for sale on dark web markets — and that number has only climbed since. Every single one of those username-password pairs is ammunition for a credential stuffing attack. This isn't
In March 2021, Microsoft disclosed that the Hafnium threat actor group had exploited Exchange Server vulnerabilities — but what most people missed is that many of those compromised servers were initially discovered through brute force password spraying. The attackers didn't need a sophisticated zero-day for every target. They just
In January 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of account takeover — cost victims over $1.8 billion in 2020 alone. That made it the costliest category of cybercrime by a wide margin. Not ransomware. Not credit card fraud. Account takeover.
In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise and identity theft schemes cost U.S. organizations over $4.2 billion in 2020 alone — making it the single most expensive category of cybercrime. That number isn't slowing down. If you run
