Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
In 2020, a teenager and two accomplices convinced a Twitter employee they were from the company's IT department. That single phone call gave them access to internal tools, which they used to hijack 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — netting over $100,
The Click That Cost One Hospital $67 Million In 2020, Universal Health Services suffered a Ryuk ransomware attack that disrupted operations across 400 facilities for weeks. The estimated cost? $67 million. The entry point? An employee who interacted with a malicious payload. This wasn't a sophisticated zero-day exploit.
One Month Won't Save You — But It Can Start Something That Does In October 2020, during Cybersecurity Awareness Month, a major hospital chain — Universal Health Services — was fighting off one of the largest ransomware attacks in U.S. healthcare history. The Ryuk ransomware hit over 400 facilities. Staff
In 2020, the FBI's Internet Crime Complaint Center received 791,790 complaints — a 69% increase over 2019 — with reported losses exceeding $4.2 billion. Small businesses absorbed a disproportionate share of that damage. The Verizon 2020 Data Breach Investigations Report found that 28% of data breaches involved small
In 2020, a 10-person accounting firm in Oregon lost $1.2 million after an employee clicked a single phishing link. The attacker impersonated the firm's bank, harvested credentials, and drained operating accounts over a weekend. No malware. No Hollywood hacking. Just one untrained employee and a well-crafted email.
The Receptionist Who Handed Over the Keys to the Kingdom In 2020, a Twitter employee received a phone call from someone claiming to be from the company's IT department. That single social engineering call — combined with a handful of others — led to the compromise of 130 high-profile accounts,
The Attack That Shut Down a Pipeline — and a Wake-Up Call for Everyone In February 2020, the Cybersecurity and Infrastructure Security Agency (CISA) published an alert after a ransomware attack forced a natural gas compression facility to shut down for two full days. The threat actor got in through a
In February 2021, Kia Motors America was hit with a ransomware attack reportedly demanding $20 million in Bitcoin. Customers couldn't access dealer portals. Internal systems went dark. The company spent days scrambling to restore operations. This wasn't an isolated event — it was the latest in a
The Attack That Cost a Pipeline — and a Country's Fuel Supply In May 2021, Colonial Pipeline shut down 5,500 miles of fuel infrastructure after a ransomware attack crippled its operations. Millions of Americans panic-bought gasoline. The company paid $4.4 million in Bitcoin to the DarkSide threat
The Colonial Pipeline Wasn't the Wake-Up Call — Your Last Backup Test Was In February 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued renewed guidance on ransomware after a string of attacks against hospitals, schools, and local governments. The FBI's Internet Crime Complaint Center reported that
