Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Define Cyber

Define Cyber: What It Actually Means for Security

In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. The Colonial Pipeline ransomware attack disrupted gas supplies across the Eastern Seaboard, triggered panic buying, and cost the company a $4.4 million ransom payment. If you ever needed a reason to define

Carl B. Johnson May 15, 2021 7 min read
NIST Standards

NIST Standards: A Practical Guide for Real Security

In April 2021, the Colonial Pipeline hadn't yet made global headlines — but the SolarWinds breach was still fresh, and the Microsoft Exchange Server vulnerabilities had just rattled tens of thousands of organizations. Every one of those incidents had something in common: the affected organizations either ignored or incompletely

Carl B. Johnson May 15, 2021 7 min read
Phishing Awareness Training

Phishing Awareness Training: What Actually Works in 2021

On May 7, 2021 — less than a week ago — Colonial Pipeline shut down 5,500 miles of fuel infrastructure after a ransomware attack that started with a single compromised credential. One password. No multi-factor authentication. An entire region's fuel supply disrupted. This is the kind of incident that

Carl B. Johnson May 13, 2021 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets You Hacked

In 2020, Twitter lost control of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — because a 17-year-old used spear phishing to trick a handful of Twitter employees into handing over internal credentials. The attackers didn't blast a million inboxes with a generic "Your account has

Carl B. Johnson May 04, 2021 6 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

In March 2021, a single employee at a water treatment plant in Oldsmar, Florida, watched someone remotely take control of their screen and attempt to increase sodium hydroxide levels to dangerous concentrations. The attacker got in through a shared TeamViewer password. No advanced exploit. No zero-day. Just poor cybersecurity awareness

Carl B. Johnson Apr 12, 2021 6 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In December 2020, FireEye disclosed one of the most sophisticated supply chain attacks in history — the SolarWinds breach. Threat actors compromised a trusted software update, slipping past automated defenses at over 18,000 organizations including multiple U.S. government agencies. But here's the detail that gets buried: investigators

Carl B. Johnson Apr 02, 2021 7 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees: A 2021 Guide

The Click That Cost One Company $46 Million In 2020, Ubiquiti Networks disclosed a breach that started with a single employee's compromised credentials. Attackers impersonated company executives, manipulated employees through social engineering, and walked away with $46.7 million in fraudulent wire transfers. The technology was fine. The

Carl B. Johnson Apr 02, 2021 8 min read