Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a finance employee at a Hong Kong multinational wired $25 million to threat actors after clicking a single link in what appeared to be a routine email from the company's CFO. That link led to a deepfake video call — but it started with something deceptively

Carl B. Johnson May 18, 2026 6 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2026

When Colonial Pipeline paid $4.4 million in ransom after a single compromised password shut down fuel delivery across the Eastern Seaboard, it wasn't a failure of exotic technology. It was a failure of fundamentals — the exact fundamentals the NIST Cybersecurity Framework was designed to address. I'

Carl B. Johnson May 18, 2026 6 min read
Spoofing Caller

Spoofing Caller Attacks: How Criminals Fake Numbers

The IRS Call That Cost a Hospital $1.5 Million A CFO at a mid-sized hospital picked up the phone. The caller ID showed the IRS main line. The voice on the other end was professional, urgent, and specific — citing the organization's actual EIN and a pending audit.

Carl B. Johnson May 17, 2026 5 min read
Insider Threat Awareness

Insider Threat Awareness: What Most Companies Miss

The Threat Already Inside Your Network In 2023, Tesla disclosed that two former employees had leaked the personal data of more than 75,000 workers to a German news outlet. It wasn't a sophisticated hack. It wasn't a nation-state threat actor. It was people who already

Carl B. Johnson May 17, 2026 5 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

A Castle With No Walls Left to Defend In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard had compromised executive email accounts — not by breaching a firewall, but by password-spraying a legacy test tenant account that lacked multi-factor authentication. The attackers moved laterally for weeks before detection.

Carl B. Johnson May 15, 2026 5 min read
Ransomware Attack Prevention

Ransomware Attack Prevention: What Actually Works in 2026

A Single Click Cost Change Healthcare $22 Million in Ransom In February 2024, the BlackCat/ALPHV ransomware group crippled Change Healthcare — a company processing roughly one-third of all U.S. health claims. UnitedHealth Group confirmed paying a $22 million ransom. Patient data for over 100 million individuals was compromised. The

Carl B. Johnson May 14, 2026 5 min read
Cyber Incident Response Steps

Cyber Incident Response Steps That Actually Work

The Breach That Exposed a Missing Playbook In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack gave threat actors access to critical systems. The attackers called the help desk, impersonated an employee, and got in. What made the damage so severe wasn't just

Carl B. Johnson May 14, 2026 5 min read
Insider Threats

Malicious Insider vs Negligent Insider: The Real Threat

One Employee Stole Data. The Other Just Clicked a Link. Both Cost Millions. In 2022, a former Amazon employee was convicted for her role in the Capital One breach that exposed over 100 million customer records. That same year, the Verizon Data Breach Investigations Report found that 82% of breaches

Carl B. Johnson May 13, 2026 5 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

In March 2024, a finance employee at a multinational firm wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. The attack started with a single phishing email. That one message opened the door to a loss most companies would never recover

Carl B. Johnson May 13, 2026 5 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Miss

The $350 Million Typo in Verizon's Yahoo Deal When Verizon acquired Yahoo in 2017, the discovery of two massive data breaches — affecting all 3 billion Yahoo accounts — knocked $350 million off the purchase price. That's not a rounding error. That's what happens when cybersecurity

Carl B. Johnson May 12, 2026 5 min read