Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat Already Inside Your Firewall In January 2025, a former employee of a U.S. infrastructure firm was charged with attempting to sabotage water treatment systems — months after being terminated. His credentials were never revoked. The damage was caught, but barely. This isn't an edge case. It&

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

One Clicked a Link. The Other Sold the Data. Both Cost Millions. In 2023, Tesla disclosed that two former employees had leaked the personal information of over 75,000 people — including Social Security numbers — to a foreign media outlet. That same year, the Verizon 2023 Data Breach Investigations Report confirmed

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threat Indicators

Insider Threat Indicators: 9 Red Flags to Catch Early

In May 2022, a Yahoo research scientist named Qian Sang downloaded roughly 570,000 pages of proprietary source code to his personal devices — just two weeks after accepting a job at a competitor. Yahoo's internal systems flagged the bulk transfer, but only after the damage was done. This

Carl B. Johnson Jun 12, 2025 6 min read
Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat That Still Works

In 2023, a Ponemon Institute study sponsored by 3M found that 91% of visual hacking attempts — someone simply looking at a screen — were successful. No malware. No zero-day exploit. No phishing email. Just a person standing in the right place at the right time, reading credentials off someone else'

Carl B. Johnson Apr 20, 2025 7 min read
Clean Desk Policy

Clean Desk Policy Cybersecurity: Your Cheapest Defense

In 2023, a healthcare organization in the Midwest lost over 2,000 patient records — not because a hacker exploited a zero-day vulnerability, but because an employee left printed patient lists on their desk over the weekend. A cleaning contractor photographed them. That's it. No malware, no phishing email,

Carl B. Johnson Apr 20, 2025 7 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

The Breach That Started With a Single Slack Message In September 2022, a threat actor convinced a Uber contractor to approve a multi-factor authentication push notification. That single moment of human failure gave the attacker access to Uber's internal systems, including their Slack workspace, vulnerability reports, and financial

Carl B. Johnson Mar 29, 2025 8 min read