Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost This Company $36 Million In 2023, MGM Resorts lost an estimated $100 million after a threat actor socially engineered the company's help desk with a single phone call. The attacker impersonated an employee, convinced an IT worker to reset credentials, and from there pivoted through

Carl B. Johnson Dec 14, 2019 7 min read
Cybersecurity Training

How to Train Employees on Cybersecurity in 2026

The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker found an employee on LinkedIn, called the IT service desk, and convinced them to reset credentials. That&

Carl B. Johnson Dec 14, 2019 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

Every October, Organizations Pretend to Care About Security Last October, a mid-sized healthcare company ran a poster campaign for Cybersecurity Awareness Month. Inspirational quotes about passwords. A lunch-and-learn nobody attended. Two weeks later, a threat actor walked through their defenses using a single phishing email that an accounts payable clerk

Carl B. Johnson Dec 14, 2019 6 min read
Ransomware

How Ransomware Spreads: 7 Paths Into Your Network

In May 2021, a single compromised VPN password shut down the largest fuel pipeline in the United States. The Colonial Pipeline attack didn't start with some exotic zero-day exploit. It started with a stolen credential. That's the reality of how ransomware spreads — and it's

Carl B. Johnson Nov 30, 2019 6 min read
Cybersecurity Incident Examples

Cybersecurity Incident Examples That Changed Security

A Single Stolen Password Started a $4.4 Billion Problem In May 2021, a single compromised password shut down the Colonial Pipeline — the largest fuel pipeline in the United States. Fuel shortages hit the East Coast. Panic buying emptied gas stations across multiple states. The company paid a $4.4

Carl B. Johnson Oct 09, 2019 7 min read
Insider Threat Awareness

Insider Threat Awareness: What Most Companies Miss

The Threat Already Inside Your Building In January 2023, the FBI arrested a former GE Aviation employee who had spent years downloading thousands of proprietary turbine technology files and transferring trade secrets to a competing business in China. The insider had legitimate access. He passed every background check. He sat

Carl B. Johnson Oct 01, 2019 6 min read
Insider Threat Examples

Insider Threat Examples: Real Breaches That Cost Millions

The Threat Already Inside Your Building In 2022, a former employee at Cash App's parent company, Block, downloaded reports containing the personal information of 8.2 million customers — months after leaving the company. Block disclosed the breach in an SEC filing, and lawsuits followed. The attacker didn'

Carl B. Johnson Oct 01, 2019 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threat Guide

One Employee Stole Data for Profit. The Other Just Clicked the Wrong Link. In 2022, a former employee of a major healthcare organization was sentenced to federal prison for stealing patient records and selling them. That same year, the Verizon Data Breach Investigations Report found that 82% of breaches involved

Carl B. Johnson Oct 01, 2019 7 min read
Insider Threat Indicators

Insider Threat Indicators: 9 Red Flags You Can't Ignore

The Breach That Came From the Inside In 2022, a former Twitter employee was convicted of spying on behalf of Saudi Arabia, accessing the personal data of dissidents using nothing more than his legitimate credentials. No malware. No phishing email. Just an insider with access and motive. That case made

Carl B. Johnson Oct 01, 2019 7 min read