Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

The Breach That Proved "Trust But Verify" Was a Lie In 2020, a threat actor compromised SolarWinds' Orion software update mechanism and silently infiltrated over 18,000 organizations — including multiple U.S. federal agencies and Fortune 500 companies. The attackers didn't blast through firewalls. They

Carl B. Johnson Jun 25, 2026 6 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

Your Employees' Credentials Are Already for Sale In March 2024, AT&T confirmed that data from approximately 73 million current and former customers appeared on the dark web. That breach didn't happen overnight — the data had been circulating in underground markets for years before anyone noticed.

Carl B. Johnson Jun 25, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Steals Millions

The Phishing Email That Came From PayPal's Own Servers In late 2024, security researchers at Avanan documented a campaign where threat actors sent phishing invoices through PayPal's actual invoicing system — meaning the emails passed SPF, DKIM, and DMARC checks flawlessly. The same tactic has since merged

Carl B. Johnson Jun 24, 2026 5 min read
Insider Threats

How to Prevent Insider Threats Before They Cost Millions

In 2022, a former employee at Cash App's parent company, Block, downloaded reports containing the personal information of 8.2 million customers — months after they'd left the company. Their access had never been revoked. That single oversight triggered SEC filings, lawsuits, and reputational damage that took

Carl B. Johnson Jun 23, 2026 5 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Scams Still Working

The Email That Cost One Company $121 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $121 million from Google and Facebook using nothing more than fake invoices and spoofed email addresses. No zero-day exploits. No sophisticated malware. Just phishing emails that looked like they

Carl B. Johnson Jun 21, 2026 6 min read
CISA Cybersecurity Guidelines

CISA Cybersecurity Guidelines: What Actually Matters

Most Organizations Read CISA's Advice — Then Ignore the Hard Parts In 2023, the City of Dallas got hit with Royal ransomware. Services went down. Police dispatch systems broke. Recovery took weeks and cost millions. The attack vector? The kind of basic intrusion that CISA cybersecurity guidelines have warned

Carl B. Johnson Jun 20, 2026 5 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported over $12.5 billion in losses from internet crime — a record high driven largely by organized criminal groups running coordinated fraud operations. These aren't lone hackers in basements. They're structured teams with defined roles,

Carl B. Johnson Jun 19, 2026 5 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

In 2023, a single phishing email cost MGM Resorts an estimated $100 million. The threat actor didn't exploit a zero-day vulnerability or deploy exotic malware. They called the help desk, impersonated an employee found on LinkedIn, and got a password reset. That's it. If you'

Carl B. Johnson Jun 19, 2026 5 min read