Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
Last year, a finance director at a mid-sized logistics company clicked a link in what looked like a DocuSign notification. Fourteen seconds later, a threat actor had her Microsoft 365 credentials. Within two hours, the attacker had redirected a $380,000 wire transfer to an overseas account. The link she
In 2023, the FBI's Internet Crime Complaint Center (IC3) reported over $12.5 billion in losses from internet crime — a staggering 22% increase from the year before. Behind many of these losses weren't lone hackers in basements. They were organized groups running coordinated group online svindel
A Single Phishing Email Just Cost a Healthcare System $65 Million If you follow phishing news, you already know the headlines keep getting worse. Change Healthcare's 2024 breach — triggered by compromised credentials and the absence of multi-factor authentication — led to a reported $22 billion disruption across the U.
When "Removed" Shows Up and You Don't Know Why Last month, a colleague forwarded me a screenshot from their phone. An app called "Removed" appeared in their app list, and they had no memory of installing it. Their first instinct was to Google "
A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used spear phishing emails to impersonate executives and trick finance staff into wiring $46.7 million to overseas accounts. They eventually recovered some funds, but the damage was done. That wasn't a
A Single Fake Identity Website Took Down a $200M Company's Reputation In 2023, the FBI's IC3 received over 880,000 complaints with potential losses exceeding $12.5 billion — and identity-related fraud was the single fastest-growing category. A huge chunk of that fraud starts at a fake
In March 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — much of it powered by spoofed sender addresses — cost victims over $2.9 billion in a single year. Behind many of those attacks sits a deceptively simple weapon: a fake mailer. These tools let
The Breach That Changed How I Think About Cybersecurity In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for hospitals and pharmacies across the United States. UnitedHealth Group confirmed the breach affected approximately 100 million individuals — making it one of the largest healthcare data breaches
In 2024, the average cost of a data breach hit $4.88 million globally, according to IBM's Cost of a Data Breach Report. That number didn't come from sophisticated nation-state attacks or exotic zero-days. Most of those breaches started with stolen credentials, a phishing email, or
In February 2024, Change Healthcare — one of the largest health IT companies in the United States — suffered a ransomware attack that disrupted insurance claims processing for thousands of hospitals and pharmacies nationwide. UnitedHealth Group, its parent company, later disclosed that the breach affected roughly 100 million individuals. The root cause?
