Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now #1 Target

Your Employees' Phones Are the Weakest Link In March 2024, MGM Resorts was still dealing with the fallout of a social engineering attack that started with a simple phone call. But here's what most people missed in the post-incident analysis: the reconnaissance that made that attack possible

Carl B. Johnson May 29, 2026 5 min read
Fake Mail

Fake Mail: How Threat Actors Exploit Your Inbox in 2026

The $4.88 Million Problem Sitting in Your Inbox Right Now In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — essentially sophisticated fake mail — cost victims over $2.9 billion in a single year. That wasn't a spike. It was a trend.

Carl B. Johnson May 28, 2026 5 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Defenses That Work in 2026

In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was hit by a ransomware attack that disrupted pharmacy operations, delayed patient care, and ultimately cost UnitedHealth Group an estimated $872 million in the first quarter alone. The attack vector? Stolen credentials and the

Carl B. Johnson May 28, 2026 5 min read
Computer Security Advice

Computer Security Advice That Actually Works in 2026

In 2024, the FBI's Internet Crime Complaint Center received over 859,000 complaints with losses exceeding $16.6 billion — a 33% increase from the year before. That number isn't slowing down in 2026. I've spent years watching organizations and individuals make the same preventable

Carl B. Johnson May 27, 2026 5 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, pretended to be an employee, and talked their way into a password reset. No malware. No zero-day exploit. Just a phone call and a convincing story. That single incident shut down slot machines,

Carl B. Johnson May 26, 2026 6 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: What Happens After a Breach

In June 2024, researchers at SpyCloud reported that over 17.3 billion credentials were circulating on underground marketplaces. That's not a theoretical number from a think tank. That's the real inventory of stolen credentials on the dark web — usernames, passwords, session tokens, and API keys — available

Carl B. Johnson May 25, 2026 5 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Skip

The $350 Million Oversight Nobody Saw Coming When Verizon acquired Yahoo in 2017, two previously undisclosed breaches affecting all 3 billion Yahoo accounts forced a $350 million price reduction. That's what happens when cybersecurity due diligence fails at the highest level. The breaches had already happened. The data

Carl B. Johnson May 25, 2026 5 min read
Phish Tour

Phish Tour: Mapping the Anatomy of a Phishing Attack

Welcome to the Phish Tour: How a Single Email Becomes a Full-Blown Breach In March 2023, the FBI's IC3 received over 298,000 complaints related to phishing schemes — more than any other cybercrime category by a wide margin. That number has only climbed since. Yet most people still

Carl B. Johnson May 24, 2026 5 min read
Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a single phishing link in a spoofed Microsoft 365 email gave attackers access to the email accounts of several U.S. State Department employees. The link looked like a routine password-reset page. It wasn't. That one click led to weeks of unauthorized access before anyone

Carl B. Johnson May 23, 2026 5 min read