Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised VPN credential gave attackers the keys to the kingdom. One password. No multi-factor authentication. No segmentation between IT and operational technology networks. The attackers from the DarkSide group walked through a flat network like it
The Colonial Pipeline Made "Never Trust, Always Verify" a Boardroom Priority In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom — and the real costs ran far deeper. The attack exploited a legacy
In July 2021, a remote employee at a Florida IT management firm clicked a link that looked like a routine software update. Within hours, the REvil ransomware gang had compromised Kaseya's VSA platform and cascaded the attack to an estimated 1,500 downstream businesses. The initial foothold? A
The Breach That Started on a Kitchen Table In December 2020, a SolarWinds contractor working from home reportedly used the password "solarwinds123" on a critical server. That single weak credential contributed to one of the most devastating supply chain attacks in history, compromising at least nine U.S.
In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on a critical server. That single credential failure contributed to one of the most devastating supply chain breaches in modern history, compromising at least nine federal agencies and over 100 private companies. The root cause wasn'
The Fine That Changed Everything for One Healthcare Provider In October 2020, the U.S. Department of Health and Human Services fined Premera Blue Cross $6.85 million after a data breach exposed 10.4 million records. The root cause wasn't some exotic zero-day exploit. It was a
When Colonial Pipeline shut down 5,500 miles of fuel infrastructure in May 2021 due to a single compromised password, it wasn't a failure of technology. It was a failure of framework. The company lacked the layered defenses, detection capabilities, and response plans that the NIST Cybersecurity Framework
The FTC Just Fined a Company $5 Billion. Are You Next? In 2019, the FTC levied a record-breaking $5 billion penalty against Facebook for privacy violations. That number made headlines, but here's what most business owners missed: the FTC doesn't just go after tech giants. They
In October 2020, the FBI, CISA, and HHS issued a joint advisory warning of an "imminent and increased" threat of ransomware attacks against U.S. hospitals. Within weeks, Universal Health Services — a Fortune 500 hospital chain operating 400 facilities — confirmed a Ryuk ransomware attack that forced staff to
The Industry That Loses More Per Breach Than Any Other In 2021, a single ransomware attack against CNA Financial reportedly led to a $40 million ransom payment — one of the largest ever disclosed. That incident wasn't an anomaly. It was a signal. Cybersecurity for financial services isn'
