Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Ransomware Attack Prevention

Ransomware Attack Prevention: A Practical Guide for 2024

In January 2024, Fulton County, Georgia — home to Atlanta — was crippled by a ransomware attack that knocked court systems offline, disrupted tax processing, and left residents unable to access basic government services for weeks. It wasn't an isolated event. The FBI's Internet Crime Complaint Center (IC3)

Carl B. Johnson Feb 28, 2024 8 min read
Ransomware

What Is Ransomware? A Security Pro's Blunt Guide

In September 2023, MGM Resorts watched its slot machines go dark, hotel room keys stop working, and reservation systems crash — all because a threat actor social-engineered the company's help desk with a ten-minute phone call. The attackers deployed ransomware that cost MGM an estimated $100 million in lost

Carl B. Johnson Feb 28, 2024 6 min read
Ransomware Prevention

How to Prevent Ransomware: A Practical Defense Guide

The $1.1 Billion Year That Changed Everything In 2023, ransomware payments topped $1.1 billion globally, according to Chainalysis research. That's more than double the previous year. If you're reading this wondering how to prevent ransomware, understand this first: threat actors aren't slowing

Carl B. Johnson Feb 09, 2024 7 min read
Ransomware Recovery

Ransomware Recovery Steps: A Battle-Tested Playbook

The Phone Call No One Wants to Get at 3 AM I got the call on a Tuesday morning. A mid-sized logistics company had every file server locked with a .lockbit extension. Their dispatchers couldn't route a single truck. Their accounting team was staring at ransom notes instead

Carl B. Johnson Feb 09, 2024 7 min read
Ransomware Examples

Ransomware Examples: What 2024 Attacks Teach Us

The Ransomware Landscape Right Now Is Brutal In January 2024, the Hive ransomware group's infrastructure had barely been dismantled by the FBI before new ransomware gangs filled the vacuum. If you searched for ransomware examples hoping to understand what's coming next, the best place to start

Carl B. Johnson Feb 09, 2024 7 min read
Ransomware

How Ransomware Spreads: 7 Paths Into Your Network

In September 2023, MGM Resorts lost an estimated $100 million after a social engineering phone call — just one phone call — gave threat actors the foothold they needed to deploy ransomware across the company's entire infrastructure. Slot machines went dark. Hotel key cards stopped working. Reservation systems collapsed. All

Carl B. Johnson Feb 09, 2024 7 min read
Data Breach

What Causes a Data Breach: 7 Root Causes Behind Every Attack

In September 2023, MGM Resorts International lost an estimated $100 million after a threat actor social-engineered a help desk employee with a single phone call. One conversation. That's all it took to cripple slot machines, hotel check-in systems, and digital room keys across Las Vegas for over a

Carl B. Johnson Jan 22, 2024 7 min read
Data Breach Examples

Data Breach Examples: What 2024 Trends Tell Us

The Breach That Cost MGM Resorts Over $100 Million In September 2023, a threat actor called Scattered Spider brought MGM Resorts to its knees — not with some exotic zero-day exploit, but with a phone call. A social engineering attack against the company's IT help desk gave attackers the

Carl B. Johnson Jan 22, 2024 7 min read
Data Breach Notification

Data Breach Notification Requirements: A 2024 Guide

In May 2023, the FTC finalized a revised Health Breach Notification Rule that expanded who must report breaches — and shortened the clock to do it. Most organizations I talk to had no idea the change happened. They found out the hard way: staring down a regulatory inquiry with no incident

Carl B. Johnson Jan 22, 2024 8 min read