Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Computer Security Advice

Computer Security Advice That Actually Works in 2026

A school district in Arizona lost $3.5 million in January 2024 after a single employee followed a spoofed email's wire transfer instructions. No malware. No sophisticated zero-day exploit. Just one person who didn't recognize a social engineering attack. That's why most computer security

Carl B. Johnson Jun 12, 2026 5 min read
Types of Malware

Types of Malware: What Every Organization Must Know

In February 2024, Change Healthcare — one of the largest health payment processors in the U.S. — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted claims processing for hospitals and pharmacies nationwide, exposed protected health information for an estimated 100 million people, and reportedly led to a $22

Carl B. Johnson Jun 12, 2026 6 min read
Spoofing Caller

Spoofing Caller Attacks: How Hackers Weaponize Trust

Your Bank Just Called. Except It Didn't. In 2023, the FBI's Internet Crime Complaint Center reported over $1.2 billion in losses from call center fraud and impersonation scams. A significant chunk of those losses started the same way: a spoofing caller displaying a legitimate number

Carl B. Johnson Jun 12, 2026 5 min read
Business Email Compromise

Business Email Compromise: The $2.9 Billion Threat

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that business email compromise caused $2.9 billion in adjusted losses — making it the single most financially devastating cybercrime category they track. Not ransomware. Not credential theft rings. BEC. And that number only reflects what gets reported. I&

Carl B. Johnson Jun 11, 2026 5 min read
Data Breach Examples 2026

Data Breach Examples 2026: Lessons from Real Attacks

In January 2026, a major U.S. healthcare network disclosed that threat actors had exfiltrated over 3 million patient records after compromising a single employee's credentials through a phishing email. It wasn't sophisticated malware. It wasn't a zero-day. It was a fake password-reset page.

Carl B. Johnson Jun 11, 2026 5 min read
Cloud Storage Security Risks

Cloud Storage Security Risks Your Team Is Ignoring

A Single Misconfigured S3 Bucket Exposed 540 Million Facebook Records Back in 2019, researchers at UpGuard discovered that two third-party Facebook app developers had left hundreds of millions of user records sitting in publicly accessible Amazon S3 buckets. No hacking required. No sophisticated exploit. Just wide-open cloud storage that anyone

Carl B. Johnson Jun 10, 2026 5 min read
Ransomware Examples 2026

Ransomware Examples 2026: Attacks Reshaping Security

The Ransom Note Has Changed — And So Should Your Defenses In January 2026, the FBI's Internet Crime Complaint Center (IC3) warned that ransomware complaints surged again year over year, with losses from reported incidents climbing into the billions. If you think ransomware peaked a few years ago, I

Carl B. Johnson Jun 09, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How Attackers Exploit Trust

A Legitimate Invoice From PayPal — That's Also a Scam In late 2024, security researchers at Avanan documented a campaign where threat actors sent real PayPal invoices to victims — not spoofed emails, not lookalike domains, but actual invoices generated through PayPal's own platform. The emails passed every

Carl B. Johnson Jun 09, 2026 5 min read
BYOD Security Risks

BYOD Security Risks: What Your Policy Is Missing

In 2023, a single employee's personal phone led to one of the most damaging casino breaches in history. Threat actors used social engineering to compromise MGM Resorts, and the attack vector started with a device the company didn't fully control. The resulting disruption cost MGM over

Carl B. Johnson Jun 08, 2026 5 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

The Email That Cost One Company $100 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of spear phishing — accounted for over $2.9 billion in adjusted losses. That wasn't a typo. Billions. And those are just the cases

Carl B. Johnson Jun 07, 2026 5 min read