Focuses on recognizing and countering manipulation tactics that attackers use to exploit human trust. Covers pretexting, baiting, tailgating, impersonation scams, and organizational defenses such as verification protocols, awareness campaigns, and incident reporting procedures.
posts
23andMe Filed for Bankruptcy. Account Takeover Was the Starting Gun. In October 2023, genetic testing company 23andMe confirmed that threat actors had compromised roughly 6.9 million user accounts. The attack method wasn't some exotic zero-day exploit. It was credential stuffing — attackers used previously leaked username and password
The $4.88 Million Wake-Up Call You Can't Afford to Ignore IBM's 2024 Cost of a Data Breach Report pegs the global average cost of a breach at $4.88 million — the highest figure ever recorded. That's not a typo. And it's
In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was brought to its knees by a ransomware attack. Patient data for potentially tens of millions of Americans was exposed. The initial access vector? Stolen credentials on a system that lacked multi-factor authentication. One
The Breach That Changed How I Think About Cyber Security In January 2024, Microsoft disclosed that Russian threat actor Midnight Blizzard had been lurking inside their corporate email systems since November 2023. Not a small startup. Not a company that skimps on security budgets. Microsoft. If their cyber security defenses
In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way almost all
In March 2023, the FBI's Internet Crime Complaint Center reported that business email compromise alone cost organizations $2.7 billion in 2022 — and the vast majority of those losses started with a single employee clicking, replying, or trusting the wrong message. I've reviewed dozens of incident
In July 2023, a ransomware attack crippled the nonprofit hospital chain CommonSpirit Health, ultimately affecting over 600,000 patients and costing the organization an estimated $160 million. That's not a Fortune 500 company. That's a mission-driven organization built to serve communities — brought to its knees because
A Single Employee Click Cost MGM Resorts $100 Million In September 2023, MGM Resorts International disclosed a devastating cyberattack that disrupted hotel operations, slot machines, and reservation systems across Las Vegas. The attack vector? A social engineering phone call. A threat actor impersonated an employee, called the IT help desk,
A 45-Minute Slide Deck Didn't Stop the Breach at MGM In September 2023, a threat actor social-engineered their way into MGM Resorts' systems with a single phone call. The attackers reportedly found an employee on LinkedIn, called the help desk, and convinced someone to reset credentials. The
A $2.6 Million Invoice Nobody Budgeted For In March 2023, the city of Oakland, California declared a state of emergency after a ransomware attack crippled city services for weeks. Systems went offline. Sensitive employee data leaked onto the dark web. The estimated recovery cost? Millions. And the initial entry
