Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that phishing was the most frequently reported cybercrime — again. Over 193,000 complaints were filed for phishing alone, and the real number is far higher since most incidents go unreported. I've spent years watching organizations get
Your Inbox Is a Buffet — And Threat Actors Are Cooking In March 2023, the FBI's Internet Crime Complaint Center reported that phishing was the number one crime type by victim count for the fifth year running, with over 298,000 complaints in a single year. Every one of
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime category for the fifth year running. That's not a number on a slide deck. That's hundreds of thousands of real organizations bleeding money,
A Single Fake Email Cost This Company $37 Million In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that Business Email Compromise (BEC) schemes — built entirely on fake emails — accounted for over $2.9 billion in adjusted losses across the United States. That figure only captures what
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — attacks built on fakeemail addresses and spoofed sender identities — accounted for over $2.9 billion in adjusted losses. That made it the single most financially devastating cybercrime category they tracked. Not ransomware. Not cryptojacking. Fake
In 2022, a single phishing email sent to a Twilio employee led to the compromise of 163 customer accounts, including high-profile targets like Signal. The attacker didn't exploit a zero-day vulnerability or brute-force a password. They sent a text message that looked like it came from Twilio'
In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses and recovery. The attacker didn't blast out a million generic messages — they researched one employee, crafted one convincing message, and made one phone call to the help desk. That's the
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. One conversation. No malware payload, no zero-day exploit, no sophisticated code. Just a human being who wasn't prepared for the moment. That'
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — more than any other cybercrime category. That number has only grown since. I've spent years helping organizations respond to phishing incidents, and the pattern is almost always the same: someone clicks a
The Email That Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a video call with what appeared to be the company's CFO and several colleagues. Every face on that call was a deepfake. The employee authorized $25.6 million in transfers
