Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

A Single Email Cost This Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — the category that includes every CEO fraud email scam — generated adjusted losses exceeding $2.9 billion in a single year. That number has held steady as one

Carl B. Johnson Mar 05, 2025 7 min read
Supply Chain Attacks

Supply Chain Attack Examples That Reshaped Cybersecurity

In December 2020, cybersecurity firm FireEye disclosed that a threat actor had compromised SolarWinds' Orion software update mechanism, distributing malware to roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and Fortune 500 companies. The attackers didn't break down the front door.

Carl B. Johnson Mar 05, 2025 7 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Skip

The $350 Million Acquisition That Fell Apart Over a Data Breach When Verizon moved to acquire Yahoo in 2017, the deal was nearly complete. Then Yahoo disclosed two massive data breaches affecting all three billion user accounts. Verizon knocked $350 million off the purchase price. That single failure in cybersecurity

Carl B. Johnson Feb 28, 2025 8 min read
Dark Web

What Is the Dark Web? A Security Pro's Real-World Guide

Your Stolen Password Is Already For Sale Somewhere In January 2024, a dataset called "Naz.API" surfaced on dark web forums containing over 70 million unique email addresses paired with plaintext passwords. The data had been harvested from credential-stealing malware installed on everyday people's computers. If

Carl B. Johnson Feb 28, 2025 7 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: What You Must Know in 2025

Your Employees' Passwords Are Probably Already for Sale In January 2024, researchers discovered a file called "Naz.API" circulating on dark web forums containing over 71 million unique email addresses paired with plaintext passwords — many harvested by credential-stealing malware. That's not a hypothetical. That'

Carl B. Johnson Feb 28, 2025 7 min read
Identity Theft Protection

Identity Theft Protection for Businesses: A 2025 Guide

In January 2024, a single compromised employee credential at a mid-size financial services firm led to the theft of 4.3 million customer records. The breach cost the company $18 million in remediation, legal fees, and regulatory fines — and their brand reputation still hasn't recovered. That's

Carl B. Johnson Feb 28, 2025 7 min read
Malware

What Is Malware? A Security Pro's Field Guide for 2025

A Single Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider used social engineering to trick an MGM Resorts help desk employee into resetting credentials. Within hours, they deployed malware across MGM's network — crippling hotel check-ins, slot machines, and digital room keys

Carl B. Johnson Jan 06, 2025 7 min read