Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat That Already Has a Badge and a Password In January 2023, the FBI arrested a former GE employee and a collaborator for stealing trade secrets related to turbine technology — a scheme that had been running for years. The insider had legitimate access the entire time. No firewall stopped

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In January 2023, a former Tesla employee leaked the personal information of over 75,000 people — names, Social Security numbers, financial records — to a foreign news outlet. Tesla confirmed the breach wasn't caused by a sophisticated threat actor or a zero-day exploit. It was an insider. If you&

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: The Real Threat

Two Employees, Two Paths to a Breach In May 2023, Tesla disclosed that two former employees had leaked the personal data of over 75,000 workers — including Social Security numbers and financial records — to a German news outlet. That wasn't a sophisticated nation-state hack. It was insiders walking

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threat Indicators

Insider Threat Indicators: 12 Red Flags You're Missing

In January 2023, the U.S. Department of Justice charged a former Twitter employee with spying for Saudi Arabia — accessing the personal data of dissidents and handing it to foreign intelligence. He'd worked at the company for years. Passed background checks. Sat in meetings. Nobody flagged a thing

Carl B. Johnson Dec 09, 2023 7 min read
USB Drive Security Risks

USB Drive Security Risks: The Threat Already on Your Desk

In January 2022, the FBI issued a public warning that the cybercriminal group FIN7 had been mailing malicious USB drives to U.S. companies — disguised as packages from Amazon and the U.S. Department of Health and Human Services. The drives, once plugged in, deployed ransomware onto corporate networks. This

Carl B. Johnson Sep 18, 2023 7 min read
Tailgating Attack

Tailgating Attack Cybersecurity: Stop the Walk-In Threat

In 2019, a man wearing a reflective vest and carrying a clipboard walked into a secure data center in Atlanta, unplugged a server, tucked it under his arm, and walked right back out the front door. Nobody stopped him. Nobody questioned him. A $2.5 million client database left the

Carl B. Johnson Sep 18, 2023 7 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In January 2023, T-Mobile disclosed that a threat actor had stolen data on roughly 37 million customer accounts by exploiting a single API vulnerability. But here's what most people missed in the headlines — the breach went undetected for over a month. That's not just a technology

Carl B. Johnson Sep 16, 2023 7 min read