Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

In 2024, a single set of stolen Snowflake credentials led to the breach of over 165 organizations — including Ticketmaster and AT&T — exposing hundreds of millions of customer records. The root cause wasn't some exotic zero-day exploit. It was reused passwords without multi-factor authentication. Every one of

Carl B. Johnson Nov 02, 2019 7 min read
Multi-Factor Authentication

Multi-Factor Authentication Setup: A Practical Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by social engineering the help desk into resetting an employee's credentials — credentials that lacked properly enforced multi-factor authentication at critical junctures. That single phone call cascaded into one of the most expensive

Carl B. Johnson Nov 02, 2019 8 min read
Multi-Factor Authentication

MFA vs Two-Factor Authentication: What Actually Matters

In September 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider bypassed the company's authentication controls using a simple social engineering phone call. The attackers didn't crack a password vault or exploit a zero-day. They convinced a help desk employee to

Carl B. Johnson Nov 02, 2019 6 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 80% Problem Nobody Wants to Talk About The 2024 Verizon Data Breach Investigations Report found that stolen credentials were involved in roughly 31% of all breaches over the past decade — and that human-element breaches, including credential theft and phishing, accounted for nearly 68% of incidents in their latest dataset.

Carl B. Johnson Nov 02, 2019 6 min read
Incident Response

How to Respond to a Cyberattack: A Practical Guide

In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to an IT help desk. The threat actor impersonated an employee, convinced a technician to reset credentials, and within hours had deployed ransomware across critical systems. Slot machines went

Carl B. Johnson Oct 09, 2019 7 min read
Cyber Incident Reporting

How to Report a Cyber Incident: A Step-by-Step Guide

The Breach That Nobody Reported — Until It Was Too Late In 2023, a mid-size healthcare provider in the Midwest discovered suspicious network activity on a Friday afternoon. The IT manager flagged it internally but didn't report it externally. By Monday morning, threat actors had exfiltrated 1.4 million

Carl B. Johnson Oct 01, 2019 6 min read
Zero Trust Security Model

Zero Trust Security Model: A Practical Guide for 2026

The Breach That Proved Perimeters Don't Work In 2020, the SolarWinds breach gave roughly 18,000 organizations a brutal lesson: once a threat actor gets past your perimeter, they can move laterally for months without detection. Government agencies, Fortune 500 companies, and critical infrastructure providers all had firewalls.

Carl B. Johnson Oct 01, 2019 7 min read