Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Cyber Incident Reporting

How to Report a Cyber Incident: A Step-by-Step Guide

The Colonial Pipeline Attack Changed Incident Reporting Forever In May 2021, the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast. The company paid a $4.4 million ransom. But here's what most people missed: Colonial Pipeline reported the incident to the FBI

Carl B. Johnson Jan 18, 2022 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In December 2020, a former Cisco employee pleaded guilty to accessing the company's cloud infrastructure and deleting 456 virtual machines, wiping out 16,000 Webex Teams accounts. He'd left the company months earlier. His credentials still worked. That single insider incident cost Cisco roughly $2.4

Carl B. Johnson Jan 15, 2022 6 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

One Cost the Company $3.4 Billion. The Other Just Forgot to Lock the Door. In 2020, a former Ubiquiti employee launched a devastating attack against his own employer — stealing proprietary data, attempting extortion, and then posing as a whistleblower to tank the company's stock. That's

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2022

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised VPN credential gave attackers the keys to the kingdom. One password. No multi-factor authentication. No segmentation between IT and operational technology networks. The attackers from the DarkSide group walked through a flat network like it

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2022

The Colonial Pipeline Made "Never Trust, Always Verify" a Boardroom Priority In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom — and the real costs ran far deeper. The attack exploited a legacy

Carl B. Johnson Jan 15, 2022 7 min read
Remote Work Cybersecurity Tips

Remote Work Cybersecurity Tips That Actually Work

In July 2021, a remote employee at a Florida IT management firm clicked a link that looked like a routine software update. Within hours, the REvil ransomware gang had compromised Kaseya's VSA platform and cascaded the attack to an estimated 1,500 downstream businesses. The initial foothold? A

Carl B. Johnson Jan 15, 2022 6 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A Practical Defense Guide

The Breach That Started on a Kitchen Table In December 2020, a SolarWinds contractor working from home reportedly used the password "solarwinds123" on a critical server. That single weak credential contributed to one of the most devastating supply chain attacks in history, compromising at least nine U.S.

Carl B. Johnson Jan 15, 2022 7 min read