Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Data Breach Reporting

How to Report a Data Breach: A Step-by-Step Guide

The Clock Starts Ticking the Moment You Discover a Breach In December 2020, FireEye disclosed it had been breached by a sophisticated threat actor — a revelation that quickly unraveled into the massive SolarWinds supply chain compromise affecting 18,000 organizations including multiple U.S. government agencies. The question every security

Carl B. Johnson Jan 14, 2021 7 min read
Cost of a Data Breach

Cost of a Data Breach: What 2021 Trends Tell Us

The Cost of a Data Breach Is Already Staggering — And the Trajectory Is Alarming In 2020, the average cost of a data breach hit $3.86 million globally, according to IBM and the Ponemon Institute's annual Cost of a Data Breach Report. That number has been climbing steadily

Carl B. Johnson Jan 14, 2021 6 min read
Password Security

Password Security Best Practices That Actually Work

The Breach That Started With a Single Reused Password In December 2020, the SolarWinds breach dominated every security headline on the planet. But while the world fixated on nation-state threat actors and supply chain attacks, I kept thinking about a detail that emerged early: a SolarWinds intern had reportedly set

Carl B. Johnson Jan 14, 2021 7 min read
Multi-Factor Authentication

MFA vs Two-Factor Authentication: What Actually Matters

In July 2020, a teenager orchestrated one of the most high-profile breaches in social media history — the Twitter hack that compromised accounts belonging to Barack Obama, Elon Musk, and Apple. The attack vector? Social engineering and credential theft that bypassed weak authentication controls. It was a brutal reminder that passwords

Carl B. Johnson Jan 11, 2021 6 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

In December 2020, SolarWinds disclosed a supply chain compromise that shook the entire cybersecurity industry. But while the world was focused on nation-state threat actors, Verizon's 2020 Data Breach Investigations Report had already confirmed something far more common and just as devastating: over 80% of hacking-related breaches involved

Carl B. Johnson Jan 03, 2021 7 min read
Cybersecurity Incident Response

Cybersecurity Incident Response: A Battle-Tested Guide

In July 2020, Twitter lost control of 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — in a social engineering attack that bypassed every technical control the company had. The attackers didn't use a zero-day exploit. They manipulated employees. And Twitter's cybersecurity incident

Carl B. Johnson Dec 20, 2020 7 min read
Incident Response Plan Template

Incident Response Plan Template: Build Yours Today

The SolarWinds breach discovered this month compromised at least 18,000 organizations — including multiple U.S. government agencies — and most of them had no actionable incident response plan template ready when the alerts started firing. I've watched organizations scramble through breaches with nothing but a stale PDF from

Carl B. Johnson Dec 20, 2020 7 min read
Incident Response

How to Respond to a Cyberattack: A Practical Guide

In July 2020, Garmin went dark. Their fitness trackers, aviation navigation tools, and customer support systems all went offline simultaneously. A ransomware attack attributed to the WastedLocker strain reportedly crippled the company for days. If you're wondering how to respond to a cyberattack, Garmin's very public

Carl B. Johnson Dec 20, 2020 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2021

The SolarWinds Breach Just Proved Your Perimeter Is Dead As I write this in December 2020, we're watching one of the most devastating supply chain attacks in history unfold. The SolarWinds breach — disclosed just days ago — compromised U.S. government agencies and major corporations by exploiting trusted software

Carl B. Johnson Dec 12, 2020 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2021

When Twitter disclosed in July 2020 that attackers had hijacked 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — the root cause wasn't some exotic zero-day exploit. It was social engineering. Attackers manipulated employees, gained access to internal tools, and moved laterally through systems that trusted them

Carl B. Johnson Dec 12, 2020 7 min read