Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Password Security Best Practices

Password Security Best Practices That Actually Work

The Breach That Started With a Single Reused Password In September 2023, MGM Resorts International lost an estimated $100 million after a threat actor social-engineered their way into systems — and weak credential hygiene played a central role. That incident didn't start with a sophisticated zero-day exploit. It started

Carl B. Johnson Jan 22, 2024 6 min read
Strong Passwords

How to Create a Strong Password That Actually Stops Hackers

In September 2023, a credential stuffing attack against 23andMe exposed the personal data of nearly 7 million users. The root cause wasn't some exotic zero-day exploit. It was reused, weak passwords. Attackers took credentials leaked from other breaches, tried them on 23andMe accounts, and walked right in. That&

Carl B. Johnson Jan 22, 2024 7 min read
Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

The Breach That Started With "Company123!" In September 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering to compromise employee credentials. The attack didn't require some sophisticated zero-day exploit. It started with identity — with passwords and people. And it'

Carl B. Johnson Jan 22, 2024 7 min read
Strong Passwords

Strong Password Examples That Actually Stop Hackers

The Password That Cost One Company $4.4 Billion In 2017, Equifax suffered a breach that exposed 147 million records and eventually cost the company over $4 billion in total losses and settlements. One of the contributing factors? Weak internal credential management. The admin username and password for a critical

Carl B. Johnson Dec 11, 2023 7 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat That Already Has a Badge and a Password In January 2023, the FBI arrested a former GE employee and a collaborator for stealing trade secrets related to turbine technology — a scheme that had been running for years. The insider had legitimate access the entire time. No firewall stopped

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In January 2023, a former Tesla employee leaked the personal information of over 75,000 people — names, Social Security numbers, financial records — to a foreign news outlet. Tesla confirmed the breach wasn't caused by a sophisticated threat actor or a zero-day exploit. It was an insider. If you&

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: The Real Threat

Two Employees, Two Paths to a Breach In May 2023, Tesla disclosed that two former employees had leaked the personal data of over 75,000 workers — including Social Security numbers and financial records — to a German news outlet. That wasn't a sophisticated nation-state hack. It was insiders walking

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threat Indicators

Insider Threat Indicators: 12 Red Flags You're Missing

In January 2023, the U.S. Department of Justice charged a former Twitter employee with spying for Saudi Arabia — accessing the personal data of dissidents and handing it to foreign intelligence. He'd worked at the company for years. Passed background checks. Sat in meetings. Nobody flagged a thing

Carl B. Johnson Dec 09, 2023 7 min read