Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $150 Investment vs. a $4.24 Million Breach In March 2021, CNA Financial — one of the largest insurance companies in the U.S. — paid a reported $40 million ransom after a ransomware attack that started with a single employee interaction. That's not a typo. Forty million dollars

Carl B. Johnson Nov 28, 2021 7 min read
CEO Fraud Email Scam

CEO Fraud Email Scam: How to Stop It Cold

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — generated $1.8 billion in reported losses in 2020 alone. That made it the single most financially damaging cybercrime category in the entire IC3 report,

Carl B. Johnson Oct 01, 2021 7 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Skip

When Marriott acquired Starwood Hotels in 2016, the deal looked solid on paper. Two years later, Marriott disclosed that hackers had been inside Starwood's reservation system since 2014 — exposing the personal data of up to 500 million guests. The breach predated the acquisition. The liability didn't.

Carl B. Johnson Sep 23, 2021 7 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: How Your Logins Get Sold

In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the

Carl B. Johnson Sep 23, 2021 7 min read
Identity Theft Protection

Identity Theft Protection for Businesses: A Field Guide

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise and identity theft schemes cost U.S. organizations over $4.2 billion in 2020 alone — making it the single most expensive category of cybercrime. That number isn't slowing down. If you run

Carl B. Johnson Sep 16, 2021 7 min read
Malware

What Is Malware? A Security Pro's Real-World Guide

The Colonial Pipeline Attack Changed Everything In May 2021, a single compromised password led to the most disruptive cyberattack on U.S. critical infrastructure in history. DarkSide ransomware shut down Colonial Pipeline's 5,500-mile fuel system, triggering gas shortages across the eastern seaboard. The company paid a $4.

Carl B. Johnson Sep 16, 2021 7 min read