Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

A Single Email Cost This Company $47 Million In 2015, Ubiquiti Networks disclosed that threat actors used a CEO fraud email scam to trick finance employees into wiring $46.7 million to overseas accounts controlled by attackers. The emails looked like routine requests from senior executives. No malware was involved.

Carl B. Johnson Aug 20, 2019 8 min read
Executive Phishing Attacks

Executive Phishing Attacks: Why the C-Suite Is Target #1

The CEO Who Wired $47 Million to a Threat Actor In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the company's CEO via email and convinced an employee in the finance department to transfer funds for a fake acquisition project. The CEO

Carl B. Johnson Aug 14, 2019 7 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability compromised over 2,600 organizations and exposed the data of more than 77 million individuals — not because those organizations had weak security, but because a single vendor did. Companies like Ernst & Young, the BBC,

Carl B. Johnson Aug 14, 2019 7 min read
Dark Web

What Is the Dark Web? A Security Pro's Real Guide

Your Employees' Passwords Are Probably Already There In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — and a significant share of that activity traces back to credentials and data traded on dark web marketplaces. If you&

Carl B. Johnson Jul 25, 2019 6 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: Where Your Passwords End Up

In January 2024, a massive dataset known as the "Mother of All Breaches" surfaced containing 26 billion records — credentials scraped, aggregated, and repackaged from hundreds of previous data breaches. Usernames. Passwords. Email addresses. All of it sitting on dark web forums, available to anyone willing to pay. If

Carl B. Johnson Jul 25, 2019 7 min read
Malware

What Is Malware? A Security Pro's Field Guide for 2026

In 2023, the FBI's Internet Crime Complaint Center (IC3) received over 880,000 complaints with potential losses exceeding $12.5 billion — a 22% increase from the year before. A massive share of those incidents started with a single piece of malicious software landing on someone's machine.

Carl B. Johnson Jul 20, 2019 7 min read
Types of Malware

Types of Malware: What Every Organization Must Know

In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — and malware was the engine behind a staggering number of those incidents. I've worked incident response cases where a single malware infection spiraled into a multi-million-dollar

Carl B. Johnson Jul 20, 2019 6 min read