Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

Password Manager

Why Use a Password Manager: A Security Pro's Take

In December 2020, SolarWinds disclosed one of the most devastating supply chain compromises in history. But buried in the early reporting was a detail that made every security professional wince: a critical password — "solarwinds123" — had been publicly accessible on GitHub. One weak, reused, laughably simple password contributed to

Carl B. Johnson Jan 03, 2021 6 min read
Strong Password Examples

Strong Password Examples That Actually Stop Hackers

The Breach That Started With "Password123" In 2020, the Verizon Data Breach Investigations Report confirmed what security professionals already suspected: over 80% of hacking-related breaches involved brute force or the use of lost or stolen credentials. That's not a typo. Four out of five breaches trace

Carl B. Johnson Dec 20, 2020 7 min read
Cyber Incident Response Steps

Cyber Incident Response Steps That Actually Work

When SolarWinds disclosed in December 2020 that threat actors had compromised their Orion software update mechanism — affecting up to 18,000 organizations including multiple U.S. government agencies — it became the most significant supply chain attack in modern history. The organizations that responded effectively didn't improvise. They followed

Carl B. Johnson Dec 20, 2020 7 min read
Cyber Incident Reporting

How to Report a Cyber Incident: A Step-by-Step Guide

In July 2020, Twitter suffered one of the most visible cyber incidents of the year — a coordinated social engineering attack that compromised high-profile accounts including Barack Obama, Elon Musk, and Apple. The attackers walked away with over $100,000 in Bitcoin. But what stood out to me wasn't

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, threat actors had hijacked 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — and used them to run a Bitcoin scam. The breach didn't start with a

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threats

Insider Threat Examples: Real Cases That Cost Millions

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker had hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — tweeting a Bitcoin scam that netted over $100,000. The most sophisticated firewall in the world wouldn't

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal tool credentials. Within hours, threat actors had hijacked high-profile accounts — Barack Obama, Elon Musk, Apple — and ran a Bitcoin scam that netted over $100,000. The breach didn't start with a zero-day exploit

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

A Disgruntled Engineer, a Careless Accountant, and $11.45 Million in Losses In 2018, a former Tesla employee reportedly sabotaged the company's manufacturing systems and exfiltrated sensitive data to third parties. That same year, countless organizations bled data because an employee clicked a phishing link or misconfigured a

Carl B. Johnson Dec 12, 2020 7 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

In July 2020, Twitter disclosed that attackers had compromised 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — by socially engineering their way past internal employees. The attackers didn't breach a firewall. They didn't exploit a zero-day vulnerability. They simply convinced insiders to hand over

Carl B. Johnson Dec 12, 2020 7 min read