Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In January 2023, T-Mobile disclosed that a threat actor had stolen data on roughly 37 million customer accounts by exploiting a single API vulnerability. But here's what most people missed in the headlines — the breach went undetected for over a month. That's not just a technology

Carl B. Johnson Sep 16, 2023 7 min read
Security Awareness Metrics

Security Awareness Metrics That Prove ROI in 2023

When MGM Resorts got hit with a devastating social engineering attack in September 2023, it wasn't a firewall failure. It wasn't a zero-day exploit. A threat actor called the help desk, impersonated an employee, and walked right through the front door. The estimated cost? Over $100

Carl B. Johnson Sep 16, 2023 7 min read
Security Awareness Training

How to Measure Security Awareness Training Effectively

In 2022, Medibank — one of Australia's largest health insurers — suffered a breach that exposed 9.7 million customer records. The root cause? Compromised credentials. A single employee's stolen login led to one of the most damaging data breaches in Australian history. Medibank had security awareness training

Carl B. Johnson Sep 16, 2023 7 min read
Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $2.6 Million Invoice Nobody Budgeted For In March 2023, the city of Oakland, California declared a state of emergency after a ransomware attack crippled city services for weeks. Systems went offline. Sensitive employee data leaked onto the dark web. The estimated recovery cost? Millions. And the initial entry

Carl B. Johnson Jun 09, 2023 7 min read
Cybersecurity for Executives

Cybersecurity for Executives: What Boards Must Know Now

The SolarWinds Wake-Up Call That Still Echoes in Every Boardroom When SolarWinds disclosed its massive supply chain compromise in late 2020, it wasn't just IT teams scrambling — it was CEOs fielding calls from senators, board members demanding answers they didn't have, and general counsel mapping out

Carl B. Johnson Jun 08, 2023 7 min read
CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

In May 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — caused adjusted losses exceeding $2.7 billion in 2022 alone. That made it the single most financially devastating cybercrime category the FBI tracks. Not ransomware.

Carl B. Johnson Jun 08, 2023 7 min read
Executive Phishing Attacks

Executive Phishing Attacks: Why the C-Suite Is Ground Zero

In January 2022, a European subsidiary of the Japanese manufacturer Nikkei lost $29 million after a single employee followed wire transfer instructions from a fraudulent email that impersonated a senior executive. That wasn't a failure of firewalls or endpoint detection. It was a surgical, well-researched executive phishing attack

Carl B. Johnson Jun 08, 2023 7 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives related to the 3CX supply chain compromise — a desktop phone app used by over 600,000 organizations globally. Threat actors had trojanized the software update itself, meaning every company that trusted the vendor's legitimate update

Carl B. Johnson Jun 08, 2023 8 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What It Really Takes

The $350 Million Lesson Marriott Learned After Closing the Deal When Marriott acquired Starwood Hotels in 2016, the deal looked like a hospitality industry win. What nobody caught during cybersecurity due diligence was that Starwood's reservation system had been compromised since 2014. The breach wasn't discovered

Carl B. Johnson Jun 06, 2023 7 min read