Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

BYOD Security Risks

BYOD Security Risks: What's Really on Your Network

The Personal Phone That Took Down a Hospital Network In 2023, a nurse at a regional hospital plugged her personal phone into a workstation USB port to charge it. That phone carried malware picked up from a third-party app store. Within 72 hours, ransomware had encrypted patient records across three

Carl B. Johnson Apr 22, 2025 7 min read
Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat That Still Works

In 2023, a Ponemon Institute study sponsored by 3M found that 91% of visual hacking attempts — someone simply looking at a screen — were successful. No malware. No zero-day exploit. No phishing email. Just a person standing in the right place at the right time, reading credentials off someone else'

Carl B. Johnson Apr 20, 2025 7 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

The Breach That Started With a Single Slack Message In September 2022, a threat actor convinced a Uber contractor to approve a multi-factor authentication push notification. That single moment of human failure gave the attacker access to Uber's internal systems, including their Slack workspace, vulnerability reports, and financial

Carl B. Johnson Mar 29, 2025 8 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a single phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called an employee, pretended to

Carl B. Johnson Mar 29, 2025 7 min read
Security Awareness Metrics

Security Awareness Metrics That Actually Prove ROI

In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest ever recorded. That same report found that organizations with security awareness training programs saved an average of $258,629 per breach compared to those without. Yet when

Carl B. Johnson Mar 29, 2025 8 min read
Security Awareness Training

How to Measure Security Awareness Training Effectively

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered the company's IT help desk with a single phone call. The attackers didn't exploit a zero-day vulnerability. They exploited a person. That incident should make every security leader ask a blunt question:

Carl B. Johnson Mar 29, 2025 7 min read
Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $4.88 Million Problem With a Training-Shaped Solution IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest figure ever recorded. Meanwhile, the average investment in security awareness training per employee sits somewhere between $15 and $50

Carl B. Johnson Mar 25, 2025 7 min read