Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Phishing News

Phishing News 2024: Attacks That Should Scare You

The Phishing Headlines Keep Getting Worse In January 2024, a finance worker at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That single incident captures everything terrifying about the current phishing news cycle: attacks are smarter, faster,

Carl B. Johnson Jul 23, 2024 6 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In January 2024, a finance worker at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with what every phishing scam starts

Carl B. Johnson Jul 23, 2024 8 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a single phone call. The attackers had done their homework — they knew the employee's name, role, and enough personal detail to sound legitimate. That's not

Carl B. Johnson Jul 23, 2024 8 min read
Fake Identity Website

Fake Identity Website Threats: How to Spot and Stop Them

The Fake Identity Website That Fooled an Entire HR Department Earlier this year, an HR team at a mid-size logistics company received a job application that checked every box. The resume was polished, the LinkedIn profile looked legitimate, and the applicant's personal website — showcasing a portfolio and professional

Carl B. Johnson Jul 16, 2024 7 min read
Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Emails

In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the

Carl B. Johnson Jul 13, 2024 7 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In January 2024, a single employee at a mid-sized accounting firm double-clicked a file named Invoice_Final_v2.exe. Within 40 minutes, the LockBit ransomware variant had encrypted 14,000 files across three networked drives. The ransom demand was $2.2 million. The firm's antivirus was installed. It

Carl B. Johnson Jul 13, 2024 6 min read
Cyber Security

Cyber Security in 2024: What Actually Works Now

The $4.88 Million Wake-Up Call You Can't Afford to Ignore IBM's 2024 Cost of a Data Breach Report pegs the global average cost of a breach at $4.88 million — the highest figure ever recorded. That's not a typo. And it's

Carl B. Johnson Jul 13, 2024 8 min read
Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2024

In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was brought to its knees by a ransomware attack. Patient data for potentially tens of millions of Americans was exposed. The initial access vector? Stolen credentials on a system that lacked multi-factor authentication. One

Carl B. Johnson Jul 10, 2024 7 min read
Security for System

Security for System Hardening: A Practical Guide

In February 2024, a misconfigured system at Change Healthcare led to one of the most devastating ransomware attacks in U.S. healthcare history. The ALPHV/BlackCat group exploited a Citrix remote access portal that lacked multi-factor authentication — a basic security for system control that should have been in place years

Carl B. Johnson Jul 10, 2024 7 min read
IT Security

IT Security in 2024: What Actually Works Now

In March 2024, UnitedHealth Group's subsidiary Change Healthcare was hit by a ransomware attack that disrupted insurance claim processing for hospitals and pharmacies across the United States. The company reportedly paid a $22 million ransom. The attack vector? Stolen credentials used to access a remote system that lacked

Carl B. Johnson Jul 10, 2024 7 min read