Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Smishing Attacks

Smishing Attack Examples: Real Texts That Stole Millions

In 2023, the FBI's IC3 reported over $5.6 billion in losses from phishing and its variants — and smishing, the SMS-based cousin, drove a massive chunk of that number. I've watched smishing evolve from clumsy "you won a prize" texts into sophisticated, multi-step social

Carl B. Johnson May 10, 2026 5 min read
Shadow IT Risks

Shadow IT Risks: The Threats Hiding in Your Network

In 2023, a midsize healthcare company discovered that an employee had been syncing patient records to a personal Dropbox account for over two years. No malicious intent — just convenience. The result was a HIPAA violation, a six-figure settlement, and a brutal lesson in shadow IT risks that the organization'

Carl B. Johnson May 04, 2026 5 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and gained access to the company's entire network. The result: over $100 million in losses, days of disrupted operations,

Carl B. Johnson May 03, 2026 6 min read
NIST Standards

NIST Standards: What Actually Matters for Your Security

800 Pages of Security Guidance — and Most Teams Read None of It In 2023, the MOVEit Transfer breach compromised data from over 2,600 organizations worldwide. Many of those organizations claimed compliance with major frameworks. The problem wasn't that NIST standards didn't cover the vulnerability class

Carl B. Johnson May 01, 2026 5 min read
Shadow IT

What Is Shadow IT? The Hidden Risk Draining Your Security

Your Employees Are Building a Second Network You Can't See A marketing manager signs up for an AI writing tool using her corporate email. A developer spins up an AWS instance on a personal account to test code faster. A sales rep stores client contracts in a personal

Carl B. Johnson May 01, 2026 5 min read
What Is Cybersecurity

What Is Cybersecurity? A Practitioner's Real-World Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a ten-minute phone call. That single conversation gave attackers the keys to slot machines, hotel room systems, and customer data across an entire casino empire. If

Carl B. Johnson Apr 30, 2026 5 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

Your Employees Are the Breach — 68% of the Time The 2024 Verizon Data Breach Investigations Report found that 68% of breaches involved a non-malicious human element — someone clicked a phishing link, reused a password, or misconfigured a system. That number has held stubbornly steady for years. If you're

Carl B. Johnson Apr 26, 2026 5 min read
Incident Response

How to Respond to a Cyberattack: A Practical Guide

In February 2024, Change Healthcare — the largest medical claims processor in the United States — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted billing systems for hospitals and pharmacies nationwide for weeks. UnitedHealth Group later confirmed the breach affected approximately 100 million individuals. If you think your organization

Carl B. Johnson Apr 25, 2026 5 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

The Breach That Started Behind the Firewall In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. The attacker didn't punch through a firewall. They didn't exploit some exotic zero-day. They

Carl B. Johnson Apr 24, 2026 5 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost This Company $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained enough access to deploy ransomware across the entire

Carl B. Johnson Apr 21, 2026 5 min read