Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Fake Identity Website

Fake Identity Website Threats: How Criminals Steal Data

That Login Page Isn't Real — And Your Employees Can't Tell In March 2022, the FBI warned that cybercriminals were registering domains impersonating well-known businesses at an alarming rate. The scam is straightforward: build a fake identity website that mirrors a legitimate login page, blast phishing emails

Carl B. Johnson Aug 23, 2022 7 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In January 2022, a single employee at a European oil storage company opened what looked like a routine invoice. Within hours, the BlackCat ransomware had encrypted critical systems across multiple terminals, disrupting fuel distribution for days. The virus didn't exploit some exotic zero-day vulnerability. It walked through the

Carl B. Johnson Aug 23, 2022 6 min read
Cybersecurity

Cybersecurity in 2022: What Actually Works Now

The Breach That Should Have Changed Everything In March 2022, the Lapsus$ group breached Okta, Microsoft, Samsung, and Nvidia in rapid succession — not by deploying sophisticated zero-day exploits, but by buying stolen credentials, social engineering help desk employees, and exploiting MFA fatigue. A group reportedly led by teenagers embarrassed some

Carl B. Johnson Aug 23, 2022 7 min read
Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2022

In March 2022, Okta confirmed that the Lapsus$ threat actor group had accessed an internal support engineer's laptop — and the fallout rippled across the entire identity management industry. The breach didn't start with a sophisticated zero-day exploit. It started with compromised credentials. That single detail tells

Carl B. Johnson Aug 11, 2022 7 min read
IT Security

IT Security in 2022: What Actually Stops Breaches

In March 2022, the Lapsus$ threat actor group breached Okta, Microsoft, Nvidia, and Samsung — not by exploiting sophisticated zero-day vulnerabilities, but by buying stolen credentials and socially engineering employees. A teenager-led group dismantled the IT security of some of the most well-resourced technology companies on the planet. If that doesn&

Carl B. Johnson Aug 11, 2022 7 min read
Jobs Computer Security

Jobs in Computer Security: Your 2022 Career Guide

3.5 Million Open Positions and Counting Cybersecurity Ventures projected 3.5 million unfilled cybersecurity jobs globally by the end of 2021 — and as of mid-2022, we're not even close to filling them. The (ISC)² 2021 Cybersecurity Workforce Study pegged the global workforce gap at 2.72 million

Carl B. Johnson Jul 30, 2022 7 min read
Computer Security Security

Computer Security Security: Layers That Actually Work

In March 2022, Okta confirmed that the Lapsus$ threat actor group had breached a third-party support engineer's laptop and accessed internal systems. The attack didn't exploit some exotic zero-day vulnerability. It started with compromised credentials — a single point of failure in what should have been a

Carl B. Johnson Jul 30, 2022 7 min read
Web Security Best Practices

Web Security Best Practices That Actually Stop Breaches

In March 2022, the Lapsus$ group breached Okta by compromising a third-party support engineer's laptop — and suddenly, thousands of organizations realized their web security posture was only as strong as their weakest vendor's. That single incident forced a reckoning across the industry. If your organization runs

Carl B. Johnson Jul 30, 2022 7 min read
Computer Security Companies

Computer Security Companies: What They Won't Tell You

The Blind Spot That Computer Security Companies Sell Around In March 2022, Okta — one of the most prominent identity management vendors in the world — confirmed that the Lapsus$ threat actor group had compromised a third-party support engineer's laptop and accessed internal systems. An identity security company, breached through

Carl B. Johnson Jul 30, 2022 7 min read
Cyber Security

Cyber Security Basics That Stop 90% of Attacks

The Breach That Started With a Single Password In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the Eastern United States. The attackers used a stolen VPN credential — no multi-factor authentication, no zero trust architecture, just one reused password. That's

Carl B. Johnson Jul 30, 2022 6 min read