Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.
posts
In 2023, MGM Resorts lost roughly $100 million after a social engineering phone call — a single phone call — gave threat actors the foothold they needed to deploy ransomware across the company's entire infrastructure. If you Google "cybersecurity definition," you'll get a tidy textbook answer
In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $120 million from Google and Facebook using a sophisticated man in the middle attack scheme. He impersonated a legitimate hardware vendor, intercepted invoice communications, and redirected payments to bank accounts he controlled. The scheme ran for two
In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was hit by a ransomware attack that disrupted pharmacy operations, delayed patient care, and ultimately cost UnitedHealth Group an estimated $872 million in the first quarter alone. The attack vector? Stolen credentials and the
In 2024, the FBI's Internet Crime Complaint Center received over 859,000 complaints with losses exceeding $16.6 billion — a 33% increase from the year before. That number isn't slowing down in 2026. I've spent years watching organizations and individuals make the same preventable
The Framework That 50% of U.S. Organizations Still Get Wrong When Colonial Pipeline went dark in 2021, it wasn't because the company lacked a security budget. It was because basic controls — like multi-factor authentication on a legacy VPN — weren't in place. A single compromised credential
The Breach That Started With a Single Password In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attackers didn't exploit some exotic zero-day vulnerability. They used basic social engineering — information scraped from LinkedIn
The Threat Already Inside Your Network In 2023, Tesla disclosed that two former employees had leaked the personal data of more than 75,000 workers to a German news outlet. It wasn't a sophisticated hack. It wasn't a nation-state threat actor. It was people who already
The Breach That Exposed a Missing Playbook In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack gave threat actors access to critical systems. The attackers called the help desk, impersonated an employee, and got in. What made the damage so severe wasn't just
The $350 Million Typo in Verizon's Yahoo Deal When Verizon acquired Yahoo in 2017, the discovery of two massive data breaches — affecting all 3 billion Yahoo accounts — knocked $350 million off the purchase price. That's not a rounding error. That's what happens when cybersecurity
A Single Click Cost One Hospital Chain $100 Million In 2024, Change Healthcare — the payment processing backbone of the U.S. healthcare system — was crippled by a ransomware attack attributed to the ALPHV/BlackCat group. UnitedHealth Group, its parent company, disclosed the incident would cost over $870 million in direct
