Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.


Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Defense Guide

Why Threat Actors Treat Law Firms Like ATMs

In 2023, the international law firm Bryan Cave Leighton Paisner disclosed a breach that exposed the personal data of over 51,000 individuals — including clients of major corporations like Mondelēz. That same year, an Am Law 100 firm paid a multimillion-dollar ransom

Carl B. Johnson Sep 10, 2019 7 min read

Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Practical Defense Guide

The Breach That Cost a Children's Charity Everything

In 2023, Save the Children International confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global nonprofit with substantial resources still

Carl B. Johnson Sep 10, 2019 6 min read

Cloud Security Best Practices

Cloud Security Best Practices That Stop Real Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records

In 2023, researchers at Cybernews discovered what they called one of the largest data exposures ever — over 3 billion records sitting in an open cloud storage instance. No sophisticated hack. No zero-day exploit. Just a misconfigured Amazon S3 bucket with public

Carl B. Johnson Sep 10, 2019 8 min read

Cloud Storage Security Risks

Cloud Storage Security Risks Your Team Is Ignoring

A Single Misconfigured Bucket Cost Them Everything

In 2023, Toyota disclosed that a cloud misconfiguration had exposed the vehicle location data of 2.15 million customers for over a decade. The root cause wasn't a sophisticated threat actor. It was a single storage bucket set to public instead

Carl B. Johnson Sep 10, 2019 7 min read

Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

The Text Message That Cost a Company $15 Million

In 2022, Twilio disclosed a breach that started with a simple SMS message. Employees received text messages impersonating the IT department, directing them to a fake login page. Several entered their credentials. That single vector — mobile phishing attacks delivered via text

Carl B. Johnson Sep 08, 2019 7 min read

Tailgating Attack

Tailgating Attack Cybersecurity: Stop the Walk-In Breach

In 2019, a penetration tester hired by the state of Iowa walked into a locked courthouse after hours by simply following an employee through a secure door. He was arrested — even though the state had authorized the test. The incident made national headlines and exposed a painful truth: your firewalls,

Carl B. Johnson Sep 01, 2019 7 min read

Clean Desk Policy

Clean Desk Policy Cybersecurity: Why It Still Matters

The Unlocked Filing Cabinet That Cost a Hospital $3 Million

In 2019, the Office for Civil Rights fined Bayfront Health St. Petersburg $85,000 for a breach involving paper records left in an unsecured location. That was a small settlement. I've seen organizations lose far more when a

Carl B. Johnson Sep 01, 2019 7 min read