Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Phishing Awareness Training

Phishing Awareness Training: Why 82% of Breaches Start Here

The 2022 Verizon Data Breach Investigations Report landed last month, and one number should keep every business owner awake at night: 82% of breaches involved the human element. Phishing, stolen credentials, pretexting, human error — threat actors aren't picking locks. They're asking your employees to hold the

Carl B. Johnson May 26, 2022 7 min read
Phishing Email

How to Recognize a Phishing Email Before You Click

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most complained-about cybercrime in 2021, with over 323,000 victims — more than double the number from just two years prior. That stat doesn't surprise me. What surprises me is how many

Carl B. Johnson May 25, 2022 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of spear phishing — caused $2.4 billion in adjusted losses in 2021 alone. That dwarfs every other cybercrime category. Meanwhile, broad phishing campaigns still top the list as the most common attack

Carl B. Johnson May 25, 2022 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

The 82% Problem Nobody Wants to Own The 2022 Verizon Data Breach Investigations Report found that 82% of breaches involved a human element — phishing, stolen credentials, misuse, or simple error. That number has barely budged in years. And yet most organizations still treat cybersecurity awareness training as a checkbox exercise:

Carl B. Johnson Apr 04, 2022 8 min read
Cybersecurity Training for Employees

Cybersecurity Training for Employees: A Practical Guide

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Microsoft, Nvidia, Samsung, and Okta. They didn't use sophisticated zero-day exploits. They used social engineering. They bought credentials. They tricked employees. And they walked through the front door of some of the most well-resourced security

Carl B. Johnson Apr 04, 2022 6 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2022

One Click Cost This Company Everything In March 2022, a single employee at Nvidia clicked something they shouldn't have. The Lapsus$ threat actor group walked away with over a terabyte of proprietary data, including employee credentials and source code. Nvidia isn't a small shop with weak

Carl B. Johnson Apr 04, 2022 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

The Breach That Started With a Single Stolen Password In May 2021, a single compromised password shut down fuel distribution across the Eastern United States. The Colonial Pipeline ransomware attack disrupted gas supplies for days and cost the company a $4.4 million ransom payment. The root cause? A legacy

Carl B. Johnson Mar 18, 2022 6 min read
Data Breach Reporting

How to Report a Data Breach: A Step-by-Step Guide

The Breach Nobody Reported — Until It Was Too Late In 2020, the health insurer Anthem agreed to pay $39.5 million to settle claims with 43 state attorneys general over a 2015 data breach affecting nearly 79 million people. The breach itself was devastating. But the lawsuits and regulatory actions

Carl B. Johnson Feb 24, 2022 7 min read
Password Security Best Practices

Password Security Best Practices That Actually Work

The 61% Problem You're Probably Ignoring The 2021 Verizon Data Breach Investigations Report found that 61% of all breaches involved credential data. Not sophisticated zero-day exploits. Not nation-state malware. Stolen, weak, or reused passwords. That single statistic should reshape how your organization thinks about password security best practices

Carl B. Johnson Feb 24, 2022 6 min read