Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Cyber Hygiene

What Is Cyber Hygiene? The Daily Habits That Stop Breaches

A Stolen Password, a $4.88 Million Problem In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest figure ever recorded. The root cause in most of those incidents wasn't a sophisticated zero-day exploit. It

Carl B. Johnson Aug 20, 2019 7 min read
Cybersecurity for Executives

Cybersecurity for Executives: What the C-Suite Gets Wrong

The CEO Who Clicked the Link In 2024, the SEC charged SolarWinds' CISO with fraud and internal control failures tied to the massive breach that compromised federal agencies and Fortune 500 companies. That case sent shockwaves through every boardroom in America — not because of the technical details, but because

Carl B. Johnson Aug 20, 2019 7 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability didn't just hit one company. It cascaded through thousands of organizations that relied on a single file-transfer vendor. Government agencies, banks, healthcare systems, and universities all found themselves exposed — not because of anything

Carl B. Johnson Aug 14, 2019 7 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

In April 2024, a credentials dump containing over 26 billion records — dubbed the "Mother of All Breaches" — surfaced on dark web forums. LinkedIn, Twitter, Dropbox, Adobe, and hundreds of other platforms were represented. Within weeks, threat actors were using those credentials in automated stuffing attacks against small and

Carl B. Johnson Aug 14, 2019 7 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A Practical Guide

During a breach investigation last year, I watched a CFO stare blankly at an incident responder who kept saying "the threat actor used credential stuffing to pivot laterally after compromising an MFA-gapped endpoint." The CFO's response: "Can someone please speak English?" That moment cost

Carl B. Johnson Jul 20, 2019 7 min read
Adware vs Spyware

Adware vs Spyware: What Security Teams Must Know

In 2023, a barcode scanner app on the Google Play Store — used by over 10 million people — pushed a malicious update that turned a legitimate tool into an aggressive adware delivery mechanism overnight. Users were flooded with pop-ups and redirected to shady websites. Within weeks, researchers discovered the same app

Carl B. Johnson Jul 14, 2019 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In 2023, the FBI dismantled a cybercrime ring that used a commercial keylogger called Snake Keylogger to steal credentials from over 10,000 victims across 50 countries. The malware recorded every keystroke — banking passwords, email logins, private messages — and quietly exfiltrated the data to attacker-controlled servers. The victims had no

Carl B. Johnson Jul 14, 2019 6 min read
DNS Spoofing

DNS Spoofing Attack: How Hackers Redirect Your Traffic

Your Employees Think They're on Your Bank's Website. They're Not. In April 2022, researchers at Avast documented a campaign where threat actors compromised home routers to execute a DNS spoofing attack that redirected users trying to visit legitimate banking sites to near-perfect credential theft

Carl B. Johnson Jul 14, 2019 6 min read