Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong in 2025

The Breach That Started With a Single Misconfigured S3 Bucket In 2023, Toyota disclosed that the vehicle data of 2.15 million customers had been publicly accessible for over a decade — because a cloud database was set to public instead of private. No sophisticated threat actor. No zero-day exploit. Just

Carl B. Johnson Sep 27, 2025 7 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

In March 2025, a finance director at a mid-sized manufacturing company wired $2.3 million to a bank account in Southeast Asia. The request came from what looked like the CEO's email — same signature, same tone, same thread about an acquisition they'd been discussing for weeks.

Carl B. Johnson Sep 27, 2025 8 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

In March 2025, the FBI's Internet Crime Complaint Center reported that phishing remained the number one reported cybercrime for the fifth consecutive year. That stat alone should tell you everything about where threat actors are focusing their energy. But raw numbers don't teach your employees what

Carl B. Johnson Sep 22, 2025 7 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Attack That Cost MGM Resorts $100 Million Started With a Phone Call In September 2023, a threat actor called the MGM Resorts IT help desk, impersonated an employee they found on LinkedIn, and talked their way into a password reset. Within hours, the attackers had deployed ransomware across MGM&

Carl B. Johnson Sep 22, 2025 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

A $37 Million Wire Transfer Started with One Email In 2024, a finance employee at a multinational firm joined what appeared to be a legitimate video call with the company's CFO. It was a deepfake. The attackers had spent weeks gathering intelligence — org charts, communication styles, ongoing projects

Carl B. Johnson Sep 22, 2025 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A 2025 Survival Guide

In May 2025, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number-one reported cybercrime for the fifth consecutive year, with losses tied to business email compromise alone exceeding $2.9 billion annually in recent reports. I've spent over two decades

Carl B. Johnson Sep 22, 2025 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In March 2025, a mid-size healthcare provider in the Midwest lost 1.4 million patient records because one employee in accounts payable clicked a link in a fake DocuSign email. The organization had antivirus software, a firewall, and an email gateway. What they didn't have was a phishing

Carl B. Johnson Sep 22, 2025 7 min read