Tag

Social Engineering Defense

Focuses on recognizing and countering manipulation tactics that attackers use to exploit human trust. Covers pretexting, baiting, tailgating, impersonation scams, and organizational defenses such as verification protocols, awareness campaigns, and incident reporting procedures.

posts

Phishing Simulation Training

Phishing Simulation Training: Why Most Programs Fail

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. One conversation. No malware payload, no zero-day exploit, no sophisticated code. Just a human being who wasn't prepared for the moment. That'

Carl B. Johnson Jan 19, 2020 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

The Breach That Cost Change Healthcare Everything In February 2024, a threat actor used stolen credentials to access Change Healthcare's systems — systems that lacked multi-factor authentication on a critical remote access portal. The result? A ransomware attack that disrupted pharmacy operations across the United States for weeks and

Carl B. Johnson Nov 26, 2019 6 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a social engineering message to an Uber employee, pretending to be IT support. The employee handed over credentials. Within hours, the attacker had access to internal systems, the company's HackerOne vulnerability reports,

Carl B. Johnson Sep 01, 2019 7 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a push notification to an Uber contractor's phone — over and over, for more than an hour. The contractor eventually approved the multi-factor authentication request just to make it stop. That single moment

Carl B. Johnson Sep 01, 2019 6 min read
Security of Cyberspace

Security of Cyberspace: What Actually Works in 2026

In February 2024, Change Healthcare — one of the largest health payment processors in the United States — suffered a ransomware attack that disrupted pharmacy operations, delayed insurance claims, and exposed the protected health information of roughly 100 million people. One set of stolen credentials. No multi-factor authentication on a critical system.

Carl B. Johnson Feb 25, 2019 6 min read