Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
The Attack That Didn't Need a Single Line of Code In September 2022, an 18-year-old allegedly breached Uber's internal systems. The method wasn't a zero-day exploit or some sophisticated malware. It was a text message. The attacker bombarded an Uber contractor with multi-factor authentication
In January 2024, a finance employee at Arup — the engineering firm behind the Sydney Opera House — joined a video call with what appeared to be the company's CFO and several colleagues. Every face on the screen was a deepfake. By the time anyone realized what happened, the employee
The Breach That Started With a Single Click In January 2024, a finance department employee at a mid-size manufacturing firm opened what looked like a routine DocuSign notification. Within 72 hours, a threat actor had exfiltrated 1.2 million customer records and deployed ransomware across the company's entire
Every October, Organizations Pretend to Care About Security Last October, a mid-sized healthcare company ran a poster campaign for Cybersecurity Awareness Month. Inspirational quotes about passwords. A lunch-and-learn nobody attended. Two weeks later, a threat actor walked through their defenses using a single phishing email that an accounts payable clerk
The Breach That Cost a 12-Person Company Everything In 2023, a small accounting firm in Sacramento lost access to every client file it had. A single employee clicked a link in what looked like a DocuSign notification. Within four hours, ransomware had encrypted the entire network. The ransom demand was
The Breach That Bankrupted a 40-Person Company In 2023, a small accounting firm in Sacramento lost every client record it had. A single employee clicked a phishing link disguised as a DocuSign notification. Within 72 hours, a threat actor had deployed ransomware across the entire network. The firm paid $350,
A $4.88 Million Problem That Slides Right Past Your Firewall IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. The leading initial attack vector? Phishing and stolen credentials — both of which target people, not servers. Yet most organizations
The Accountant Who Cost Her Company $2.3 Million She wasn't careless. She wasn't stupid. She was a 15-year veteran of her firm's finance department, and she followed what she thought was a legitimate email from the CEO asking for an urgent wire transfer.
The $1.1 Billion Problem You Can't Afford to Ignore In 2023, ransomware payments exceeded $1.1 billion globally, according to Chainalysis. That number only captured what was paid — not the downtime, legal fees, regulatory penalties, or permanent reputational damage. I've worked with organizations that survived
In May 2021, Colonial Pipeline paid a $4.4 million ransom to the DarkSide threat actor group after a single compromised password shut down fuel distribution across the U.S. East Coast. Gas stations ran dry. Panic buying erupted. And one of the most critical infrastructure networks in the country
