Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Define Cyber

Define Cyber: What Security Pros Actually Mean

The Word Everyone Uses But Few Can Explain In March 2024, the FBI's Internet Crime Complaint Center (IC3) released its 2023 annual report showing $12.5 billion in reported cybercrime losses — a 22% jump from the year before. Politicians, news anchors, and boardroom executives all toss around the

Carl B. Johnson May 04, 2024 6 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets You Hacked

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That attack didn't start with a mass spam blast. It started with a carefully researched, individually targeted spear phishing email.

Carl B. Johnson May 02, 2024 6 min read
Smishing Attacks

Smishing Attack Examples: Real Texts That Stole Millions

In February 2024, the FBI warned that threat actors stole over $10 billion through internet-enabled fraud in 2023 — and SMS-based phishing, commonly called smishing, was one of the fastest-growing attack vectors cited in the FBI IC3 annual report. If you think smishing is just a nuisance text from a fake

Carl B. Johnson Apr 08, 2024 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: Why "Free" Costs More

In January 2024, Microsoft disclosed that the Russian threat actor group Midnight Blizzard had breached corporate email accounts — not through some exotic zero-day exploit, but through a password spray attack on a legacy test account that lacked multi-factor authentication. One of the most well-resourced technology companies on the planet got

Carl B. Johnson Feb 28, 2024 7 min read
Ransomware Protection Tips

Ransomware Protection Tips That Actually Work in 2024

MGM Resorts lost an estimated $100 million from a single ransomware attack in September 2023. The entry point? A social engineering call to the help desk that lasted about ten minutes. That's all it took for the Scattered Spider threat actor group to cripple slot machines, hotel check-in

Carl B. Johnson Feb 09, 2024 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor known as Midnight Blizzard had breached executive email accounts — not through some exotic zero-day exploit, but through a simple password spray attack on a legacy test account that lacked multi-factor authentication. If Microsoft can get caught flat-footed, your organization

Carl B. Johnson Feb 09, 2024 6 min read
Data Breach Response Plan

Data Breach Response Plan: What Actually Works in 2024

When MGM Resorts got hit in September 2023, the chaos lasted ten days. Hotel room keys stopped working. Slot machines went dark. Reservation systems crashed. The estimated cost topped $100 million. And here's the part that stings — the initial compromise reportedly started with a social engineering call to

Carl B. Johnson Jan 22, 2024 8 min read
Data Breach Reporting

How to Report a Data Breach: A Step-by-Step Guide

In September 2023, MGM Resorts lost an estimated $100 million after a social engineering attack compromised its systems. But the financial damage from the breach itself was only part of the story. The chaos that followed — delayed notifications, regulatory scrutiny, class-action lawsuits — showed exactly what happens when an organization fumbles

Carl B. Johnson Jan 22, 2024 7 min read