
Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.


Ransomware Examples

Ransomware Examples: What 2020-2021 Attacks Teach Us

The Ransomware Epidemic Is Already Here. When someone searches for ransomware examples — whether they're typing "2026" or any other year — they're really asking one question: what does a real ransomware attack look like, and how do I stop it from happening to me? I

Carl B. Johnson Mar 12, 2021 6 min read
Ransomware

How Ransomware Spreads: 5 Attack Vectors You Must Block

A Single Click Cost One Hospital $67 Million. In September 2020, Universal Health Services — one of the largest healthcare providers in the U.S. — got hit by the Ryuk ransomware strain. The attack shut down systems across 400 facilities. Patients were diverted. Records went analog. The final damage? An estimated

Carl B. Johnson Mar 12, 2021 7 min read
Ransomware Protection Tips

Ransomware Protection Tips That Actually Work in 2021

A Hospital Paid $17 Million. Your Organization Could Be Next. In September 2020, Universal Health Services got hit with Ryuk ransomware across 400 facilities. The damage? An estimated $67 million in recovery costs and lost revenue. A few months earlier, Garmin paid a reported $10 million ransom to get its

Carl B. Johnson Feb 24, 2021 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

In December 2020, SolarWinds disclosed that threat actors had compromised its Orion software platform, ultimately breaching at least nine U.S. federal agencies and over 100 private companies. The attack went undetected for months. It wasn't a zero-day exploit that got them in — it was a compromised build

Carl B. Johnson Feb 24, 2021 7 min read
Data Breach

What Causes a Data Breach: 7 Real Threats in 2021

In July 2020, Twitter disclosed that attackers had compromised 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — through a social engineering attack targeting employees with access to internal tools. The breach didn't involve some exotic zero-day exploit. It started with phone calls to Twitter

Carl B. Johnson Jan 20, 2021 7 min read
Data Breach Response Plan

Data Breach Response Plan: What Actually Works

When SolarWinds disclosed in December 2020 that threat actors had compromised their Orion software update mechanism — infiltrating roughly 18,000 customer networks including multiple U.S. government agencies — the breach didn't just expose data. It exposed how many organizations had no real data breach response plan in place.

Carl B. Johnson Jan 14, 2021 8 min read
Data Breach Notification Requirements

Data Breach Notification Requirements: A 2021 Guide

The SolarWinds Breach Just Made Notification a National Crisis. In December 2020, FireEye disclosed that a sophisticated threat actor had compromised SolarWinds Orion software, giving attackers access to roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and Fortune 500 companies. Weeks later, we'

Carl B. Johnson Jan 14, 2021 8 min read
Strong Passwords

How to Create a Strong Password: A Practical Guide

In the 2020 Verizon Data Breach Investigations Report, over 80% of hacking-related breaches involved stolen or brute-forced credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. The single thing most people treat as an afterthought is the single thing that gets most organizations compromised. Knowing how to create a strong

Carl B. Johnson Jan 14, 2021 7 min read
Password Manager Benefits

Password Manager Benefits: Why Pros Won't Work Without One

The Breach That Started With a Sticky Note. In 2020, a senior employee at a Florida water treatment facility reportedly reused passwords across multiple systems — including the one controlling sodium hydroxide levels in the public water supply. That incident, disclosed in early February 2021, showed exactly how a single weak

Carl B. Johnson Jan 14, 2021 6 min read