Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
In the 2020 Verizon Data Breach Investigations Report, over 80% of hacking-related breaches involved stolen or brute-forced credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. The single thing most people treat as an afterthought is the single thing that gets most organizations compromised. Knowing how to create a strong
The Breach That Started With a Sticky Note In 2020, a senior employee at a Florida water treatment facility reportedly reused passwords across multiple systems — including the one controlling sodium hydroxide levels in the public water supply. That incident, disclosed in early February 2021, showed exactly how a single weak
In December 2020, SolarWinds disclosed one of the most devastating supply chain compromises in history. But buried in the early reporting was a detail that made every security professional wince: a critical password — "solarwinds123" — had been publicly accessible on GitHub. One weak, reused, laughably simple password contributed to
The Breach That Started With "Password123" In 2020, the Verizon Data Breach Investigations Report confirmed what security professionals already suspected: over 80% of hacking-related breaches involved brute force or the use of lost or stolen credentials. That's not a typo. Four out of five breaches trace
When SolarWinds disclosed in December 2020 that threat actors had compromised their Orion software update mechanism — affecting up to 18,000 organizations including multiple U.S. government agencies — it became the most significant supply chain attack in modern history. The organizations that responded effectively didn't improvise. They followed
The SolarWinds Hack Rewrote the Playbook — While We Were Still Reading It As I write this in December 2020, the cybersecurity world is reeling from the SolarWinds supply chain compromise — arguably the most sophisticated cyber espionage campaign ever discovered against the U.S. government and private sector. It's
In July 2020, Twitter suffered one of the most visible cyber incidents of the year — a coordinated social engineering attack that compromised high-profile accounts including Barack Obama, Elon Musk, and Apple. The attackers walked away with over $100,000 in Bitcoin. But what stood out to me wasn't
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, threat actors had hijacked 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — and used them to run a Bitcoin scam. The breach didn't start with a
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker had hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — tweeting a Bitcoin scam that netted over $100,000. The most sophisticated firewall in the world wouldn&
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal tool credentials. Within hours, threat actors had hijacked high-profile accounts — Barack Obama, Elon Musk, Apple — and ran a Bitcoin scam that netted over $100,000. The breach didn't start with a zero-day exploit
