Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Okta, Microsoft, Samsung, and Nvidia in rapid succession. Their primary weapon wasn't a sophisticated zero-day exploit. It was employee cybersecurity training failures: stolen credentials, SIM swapping, and social engineering attacks that targeted the humans sitting

Carl B. Johnson Apr 04, 2022 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

Last October, while organizations across the country were hanging "Think Before You Click" posters in their break rooms, the FBI's Internet Crime Complaint Center was logging over 847,000 complaints representing nearly $7 billion in losses for 2021. That's roughly a 7% increase in

Carl B. Johnson Mar 21, 2022 7 min read
Ransomware

What Is Ransomware? A Practical Defense Guide for 2022

In February 2022, Nvidia — one of the largest chip manufacturers on the planet — confirmed it was hit by a ransomware attack. The threat actor group Lapsus$ claimed they stole over a terabyte of proprietary data and began leaking employee credentials and source code. If a company with Nvidia's

Carl B. Johnson Mar 21, 2022 7 min read
Ransomware Prevention

How to Prevent Ransomware: A Practical Defense Guide

The Colonial Pipeline Attack Changed Everything In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid DarkSide operators $4.4 million in Bitcoin — and even after paying, it took days to restore operations. Fuel shortages hit the East Coast. Panic

Carl B. Johnson Mar 21, 2022 7 min read
Ransomware Recovery

Ransomware Recovery Steps: A Practical Guide for 2022

Colonial Pipeline Taught Us What Happens Without a Plan In May 2021, Colonial Pipeline paid $4.4 million in ransom after a single compromised password shut down fuel delivery across the Eastern United States. The company had backups. They had resources. They still paid — because their ransomware recovery steps weren&

Carl B. Johnson Mar 18, 2022 7 min read
Ransomware Examples

Ransomware Examples: What 2022 Attacks Teach Us

In May 2021, Colonial Pipeline paid $4.4 million in ransom after a single compromised password shut down fuel delivery across the Eastern United States. Months later, meat processor JBS paid $11 million to resume operations. If you searched for ransomware examples hoping to understand what these attacks actually look

Carl B. Johnson Mar 18, 2022 7 min read
Ransomware

How Ransomware Spreads: 6 Attack Vectors You Must Know

In February 2022, the FBI and CISA issued a joint advisory warning that ransomware incidents against 14 of 16 U.S. critical infrastructure sectors had increased dramatically. That advisory wasn't theoretical — it followed real attacks against water treatment facilities, hospitals, and food processors. If you're searching

Carl B. Johnson Mar 18, 2022 7 min read