Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Business Email Compromise

Business Email Compromise: The $2.9B Threat in 2026

One Invoice, One Email, $47 Million Gone In 2024, Orion Engineering lost $47 million to a single fraudulent wire transfer. The attacker didn't hack a firewall or exploit a zero-day. They compromised a vendor's email account, inserted themselves into an ongoing invoice thread, and changed the

Carl B. Johnson Jan 19, 2020 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $25 Million In early 2024, an employee at engineering firm Arup joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The employee transferred $25 million across multiple transactions

Carl B. Johnson Jan 09, 2020 7 min read
Social Engineering Examples

Social Engineering Examples That Bypass Every Firewall

The Attack That Didn't Need a Single Line of Code In September 2022, an 18-year-old allegedly breached Uber's internal systems. The method wasn't a zero-day exploit or some sophisticated malware. It was a text message. The attacker bombarded an Uber contractor with multi-factor authentication

Carl B. Johnson Jan 09, 2020 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at Arup — the engineering firm behind the Sydney Opera House — joined a video call with what appeared to be the company's CFO and several colleagues. Every face on the screen was a deepfake. By the time anyone realized what happened, the employee

Carl B. Johnson Jan 09, 2020 7 min read
Cybersecurity Training for Employees

Cybersecurity Training for Employees: A 2026 Guide

The Breach That Started With a Single Click In January 2024, a finance department employee at a mid-size manufacturing firm opened what looked like a routine DocuSign notification. Within 72 hours, a threat actor had exfiltrated 1.2 million customer records and deployed ransomware across the company's entire

Carl B. Johnson Dec 14, 2019 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

Every October, Organizations Pretend to Care About Security Last October, a mid-sized healthcare company ran a poster campaign for Cybersecurity Awareness Month. Inspirational quotes about passwords. A lunch-and-learn nobody attended. Two weeks later, a threat actor walked through their defenses using a single phishing email that an accounts payable clerk

Carl B. Johnson Dec 14, 2019 6 min read