Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Home Computer Security

How Can You Protect Your Home Computer in 2022

In March 2022, the FBI's Internet Crime Complaint Center reported that Americans lost over $6.9 billion to cybercrime in 2021 — a 64% increase from the year before. A staggering number of those victims weren't Fortune 500 companies. They were regular people, sitting at home computers,

Carl B. Johnson Jul 30, 2022 7 min read
Computer Security Service

Computer Security Service: What Actually Works in 2022

The Colonial Pipeline Fallout Changed Everything About How We Buy Security One year ago, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid $4.4 million in ransom. Gas stations across the Southeast ran dry. And the FBI later confirmed that the

Carl B. Johnson Jun 20, 2022 7 min read
Cloud Computing Security

Cloud Computing Security: What Goes Wrong and How to Fix It

In April 2022, researchers at Palo Alto Unit 42 reported that nearly 99% of cloud user accounts, services, and resources grant excessive permissions — permissions that are granted but never used. That gap between what's allowed and what's needed is exactly where threat actors operate. If you&

Carl B. Johnson Jun 20, 2022 6 min read
Security in Cloud Computing

Security in Cloud Computing: What Actually Goes Wrong

In April 2022, researchers at Wiz discovered that Microsoft Azure's PostgreSQL Flexible Server had vulnerabilities allowing cross-account database access. They called it ExtraReplica, and it affected thousands of Azure databases. This wasn't a theoretical exercise — it was a real demonstration that security in cloud computing remains

Carl B. Johnson May 26, 2022 7 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

A Single Email Cost This Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. His method wasn't a zero-day exploit or cutting-edge malware. It was emails. Carefully crafted, psychologically precise emails that

Carl B. Johnson May 26, 2022 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's account — and the initial access vector was social engineering. One employee, one credential, and suddenly a company trusted by thousands of organizations was in the headlines. If you think phishing only targets

Carl B. Johnson May 25, 2022 7 min read
Phishing

What Is Phishing? A Security Pro's Field Guide

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's laptop — and the initial access vector was social engineering. A single employee interaction opened the door to a breach that rattled hundreds of downstream customers. If you're asking what is

Carl B. Johnson May 25, 2022 7 min read
Phishing Simulation Training

Phishing Simulation Training: Why 90% of Breaches Start Here

A Single Click Cost One County $1.3 Million In March 2022, Bernalillo County, New Mexico was still recovering from a ransomware attack that started with what investigators believe was a phishing email. The county had to close government buildings, delay jail proceedings, and shut down key services. The remediation

Carl B. Johnson May 25, 2022 7 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

The Phishing Email That Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that attackers used carefully crafted phishing emails to trick finance department employees into wiring $46.7 million to overseas accounts controlled by threat actors. The emails impersonated executives. They looked legitimate. And trained professionals

Carl B. Johnson May 25, 2022 7 min read