Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In early 2023, independent security researchers discovered yet another wave of publicly exposed Amazon S3 buckets leaking sensitive customer data — healthcare records, financial documents, personally identifiable information. None of these organizations were hacked in the traditional sense. They simply got their

Carl B. Johnson Nov 03, 2023 7 min read
Cloud Storage Security Risks

Cloud Storage Security Risks: What Your Team Ignores

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In early 2023, security researchers discovered that a misconfigured cloud storage instance at Toyota had been leaking vehicle location data for over a decade — affecting 2.15 million customers. That wasn't a sophisticated nation-state attack. It was a configuration

Carl B. Johnson Nov 03, 2023 7 min read
Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

The App Your Marketing Team Installed Last Tuesday Could Cost You Millions In 2022, a mid-size healthcare company discovered that an employee had been syncing patient records to a personal Dropbox account for three years. No malicious intent — they just wanted to work from home more easily. The resulting HIPAA

Carl B. Johnson Nov 03, 2023 7 min read
SaaS Security

SaaS Security Best Practices: A Hands-On Guide

The Breach That Started With a Single SaaS Login In January 2023, Mailchimp disclosed its second major breach in less than a year. The cause? A threat actor used social engineering to trick an employee into handing over credentials to an internal tool. That single compromised SaaS login exposed 133

Carl B. Johnson Sep 29, 2023 7 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Most Companies Get Wrong

In March 2023, Samsung employees accidentally leaked sensitive source code and internal meeting notes by pasting proprietary data into ChatGPT — on their mobile devices. No malware was involved. No sophisticated threat actor broke through a firewall. Employees simply used their phones in ways the company's mobile device security

Carl B. Johnson Sep 18, 2023 7 min read
BYOD Security Risks

BYOD Security Risks: What Your Policy Is Missing

In January 2023, T-Mobile disclosed that a threat actor had stolen data on 37 million customer accounts — and the intrusion reportedly exploited an API accessible from systems that included employee-used devices. It wasn't a sophisticated zero-day. It was a gap in how endpoints and access were managed. If

Carl B. Johnson Sep 18, 2023 7 min read
USB Drive Security Risks

USB Drive Security Risks: The Threat Already on Your Desk

In January 2022, the FBI issued a public warning that the cybercriminal group FIN7 had been mailing malicious USB drives to U.S. companies — disguised as packages from Amazon and the U.S. Department of Health and Human Services. The drives, once plugged in, deployed ransomware onto corporate networks. This

Carl B. Johnson Sep 18, 2023 7 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

A Single Employee Click Cost MGM Resorts $100 Million In September 2023, MGM Resorts International disclosed a devastating cyberattack that disrupted hotel operations, slot machines, and reservation systems across Las Vegas. The attack vector? A social engineering phone call. A threat actor impersonated an employee, called the IT help desk,

Carl B. Johnson Sep 16, 2023 8 min read