Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Stolen Credentials

Stolen Credentials Dark Web: How Your Logins Get Sold

In 2024, the FBI's Internet Crime Complaint Center reported losses exceeding $16 billion from cybercrime — and compromised credentials were the gateway for a staggering number of those incidents. Right now, billions of username-and-password combinations sit on dark web marketplaces, priced anywhere from $1 to $500 depending on what

Carl B. Johnson Jun 05, 2026 5 min read
Ransomware

How Ransomware Spreads: 7 Paths Into Your Network

In February 2024, Change Healthcare — the largest medical claims processor in the United States — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted billing systems at hospitals and pharmacies nationwide for weeks. The entry point? Stolen credentials used on a remote access portal that lacked multi-factor authentication. One

Carl B. Johnson Jun 05, 2026 5 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

A Single Click Cost One Hospital $28 Million In 2024, Change Healthcare — a unit of UnitedHealth Group — suffered a ransomware attack that started with compromised credentials and insufficient access controls. The fallout disrupted healthcare claims across the United States for weeks. The company paid a $22 million ransom, and total

Carl B. Johnson Jun 04, 2026 5 min read
Zero Trust

What Is Zero Trust? A Security Model That Actually Works

In 2020, threat actors compromised SolarWinds' Orion software and used it to breach dozens of U.S. government agencies. The attackers moved laterally through networks for months because once they were inside the perimeter, those networks trusted them. That single breach rewrote how the federal government thinks about network

Carl B. Johnson Jun 03, 2026 5 min read
Fake Email

Fake Email: How to Spot, Stop, and Survive One

A Single Fake Email Cost Facebook and Google $100 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, attached fraudulent invoices, and directed payments to bank accounts he controlled.

Carl B. Johnson Jun 03, 2026 6 min read
Strong Passwords

Strong Password Examples That Actually Stop Hackers

The 6-Character Password That Cost a Company $4.88 Million IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. In my experience analyzing post-breach forensics, weak or reused passwords remain the single most common entry point for threat actors.

Carl B. Johnson May 31, 2026 5 min read
Shadow IT

What Is Shadow IT? The Hidden Risk You Can't Ignore

In 2023, a financial services employee signed up for an unsanctioned file-sharing app using their corporate email. Within weeks, a threat actor exploited a vulnerability in that app and exfiltrated 11,000 customer records. The security team didn't even know the app existed. That's shadow IT

Carl B. Johnson May 30, 2026 5 min read
Social Engineering Attacks

Social Engineering Attacks: Why Humans Are the #1 Target

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered the company's IT help desk with a single phone call. The attacker impersonated an employee, convinced the help desk to reset credentials, and within hours had burrowed deep enough to deploy ransomware

Carl B. Johnson May 30, 2026 6 min read
Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Guide

In November 2023, the international law firm Allen & Overy confirmed it was hit by a LockBit ransomware attack. Weeks earlier, a midsize firm in the southeastern U.S. paid a seven-figure ransom after a threat actor encrypted every client file on its network — and the firm never made headlines

Carl B. Johnson May 29, 2026 5 min read