Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2024

The Breach That Proved Perimeter Security Is Dead In January 2023, T-Mobile disclosed that a threat actor had been siphoning data from 37 million customer accounts since late November 2022 — by exploiting a single API. The attacker was already inside the network, moving laterally, harvesting names, emails, phone numbers, and

Carl B. Johnson Dec 07, 2023 8 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A Practical Defense Guide

Your Remote Workforce Is Your Largest Attack Surface In March 2023, the FBI's Internet Crime Complaint Center (IC3) reported that losses from cybercrime exceeded $10.3 billion in 2022 — a 49% increase from the year before. A massive chunk of those losses traced back to compromised remote workers.

Carl B. Johnson Nov 26, 2023 7 min read
Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Your First Defense

In 2022, a single employee at Uber received a flood of multi-factor authentication push notifications, got frustrated, and approved one. That decision gave a teenage threat actor access to Uber's internal systems, Slack, and cloud infrastructure. An acceptable use policy cybersecurity framework — one that specifically addressed MFA fatigue

Carl B. Johnson Nov 26, 2023 7 min read
Cybersecurity for Healthcare

Cybersecurity for Healthcare Organizations: A Field Guide

In October 2023, the healthcare sector reported more data breaches than any other industry — again. Prospect Medical Holdings was still recovering from an August ransomware attack that forced hospitals across four states to divert ambulances and revert to paper records. CommonSpirit Health's 2022 breach affected over 600,000

Carl B. Johnson Nov 09, 2023 7 min read
Cybersecurity for Financial Services

Cybersecurity for Financial Services: A Survival Guide

The Industry That Gets Hit Hardest — and Most Often In January 2023, ION Trading Technologies — a critical software vendor serving derivatives traders worldwide — got hit with a LockBit ransomware attack that forced dozens of financial institutions back to manual trade processing. For days. In one of the most automated industries

Carl B. Johnson Nov 09, 2023 8 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Survival Guide for 2024

In July 2023, a ransomware attack crippled the nonprofit hospital chain CommonSpirit Health, ultimately affecting over 600,000 patients and costing the organization an estimated $160 million. That's not a Fortune 500 company. That's a mission-driven organization built to serve communities — brought to its knees because

Carl B. Johnson Nov 09, 2023 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In early 2023, independent security researchers discovered yet another wave of publicly exposed Amazon S3 buckets leaking sensitive customer data — healthcare records, financial documents, personally identifiable information. None of these organizations were hacked in the traditional sense. They simply got their

Carl B. Johnson Nov 03, 2023 7 min read