Tag

Social Engineering Defense

Focuses on recognizing and countering manipulation tactics that attackers use to exploit human trust. Covers pretexting, baiting, tailgating, impersonation scams, and organizational defenses such as verification protocols, awareness campaigns, and incident reporting procedures.

posts

Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Survival Guide for 2024

In July 2023, a ransomware attack crippled the nonprofit hospital chain CommonSpirit Health, ultimately affecting over 600,000 patients and costing the organization an estimated $160 million. That's not a Fortune 500 company. That's a mission-driven organization built to serve communities — brought to its knees because

Carl B. Johnson Nov 09, 2023 7 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

A Single Employee Click Cost MGM Resorts $100 Million In September 2023, MGM Resorts International disclosed a devastating cyberattack that disrupted hotel operations, slot machines, and reservation systems across Las Vegas. The attack vector? A social engineering phone call. A threat actor impersonated an employee, called the IT help desk,

Carl B. Johnson Sep 16, 2023 8 min read
Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $2.6 Million Invoice Nobody Budgeted For In March 2023, the city of Oakland, California declared a state of emergency after a ransomware attack crippled city services for weeks. Systems went offline. Sensitive employee data leaked onto the dark web. The estimated recovery cost? Millions. And the initial entry

Carl B. Johnson Jun 09, 2023 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In March 2022, the FBI issued a Private Industry Notification warning that cybercriminals were using keyloggers embedded in fake business invoices to compromise corporate networks. The attackers harvested credentials for weeks before anyone noticed. By then, the damage was done — financial accounts drained, email systems hijacked, and sensitive client data

Carl B. Johnson Jan 24, 2023 6 min read
Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2022

In March 2022, Okta confirmed that the Lapsus$ threat actor group had accessed an internal support engineer's laptop — and the fallout rippled across the entire identity management industry. The breach didn't start with a sophisticated zero-day exploit. It started with compromised credentials. That single detail tells

Carl B. Johnson Aug 11, 2022 7 min read
Computer Security Companies

Computer Security Companies: What They Won't Tell You

The Blind Spot That Computer Security Companies Sell Around In March 2022, Okta — one of the most prominent identity management vendors in the world — confirmed that the Lapsus$ threat actor group had compromised a third-party support engineer's laptop and accessed internal systems. An identity security company, breached through

Carl B. Johnson Jul 30, 2022 7 min read
Cyber Security

Cyber Security Basics That Stop 90% of Attacks

The Breach That Started With a Single Password In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the Eastern United States. The attackers used a stolen VPN credential — no multi-factor authentication, no zero trust architecture, just one reused password. That's

Carl B. Johnson Jul 30, 2022 6 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $100 Million In 2019, a UK-based energy company's CEO received a phone call from what he believed was his boss — the head of the parent company in Germany. The voice was perfect. The accent, the tone, the speech patterns — all spot

Carl B. Johnson Apr 21, 2022 7 min read