Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability compromised over 2,600 organizations and exposed the data of more than 77 million individuals — not because those organizations had weak security, but because a single vendor did. Companies like Ernst & Young, the BBC,
Your Employees' Passwords Are Probably Already There In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — and a significant share of that activity traces back to credentials and data traded on dark web marketplaces. If you&
In January 2024, a massive dataset known as the "Mother of All Breaches" surfaced containing 26 billion records — credentials scraped, aggregated, and repackaged from hundreds of previous data breaches. Usernames. Passwords. Email addresses. All of it sitting on dark web forums, available to anyone willing to pay. If
A Single Password Got Them Into the Colonial Pipeline In May 2021, a single compromised password on an inactive VPN account gave the DarkSide ransomware group access to Colonial Pipeline's network. There was no multi-factor authentication on that account. The attackers didn't need a sophisticated zero-day
A Single Stolen Password Cost One Company $60 Million In 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering to take over an employee's account through a help desk call. The attackers didn't hack a firewall. They didn't
A Single Stolen W-2 Cost This Company $1.6 Million In 2023, a mid-size manufacturing firm in Ohio lost control of every employee's W-2 data after one payroll clerk fell for a CEO impersonation email. The threat actor filed fraudulent tax returns before anyone noticed. The cleanup — credit
In 2023, the FBI's Internet Crime Complaint Center (IC3) received over 880,000 complaints with potential losses exceeding $12.5 billion — a 22% increase from the year before. A massive share of those incidents started with a single piece of malicious software landing on someone's machine.
In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — and malware was the engine behind a staggering number of those incidents. I've worked incident response cases where a single malware infection spiraled into a multi-million-dollar
The Fake Invoice That Cost a Hospital System $28 Million In 2024, Ascension Health — one of the largest healthcare systems in the United States — suffered a devastating ransomware attack that disrupted operations across 140 hospitals. The initial entry vector? A malicious file that an employee downloaded, believing it to be
In 2018, British Airways disclosed a breach that exposed the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting exploit. The UK's Information Commissioner's Office initially proposed a
