Tag

Zero Trust Security

Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.

posts

Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the payment. No malware. No zero-day exploit. Just a well-trained employee who wasn't trained well enough. That incident

Carl B. Johnson Mar 24, 2024 7 min read
Ransomware Attack Prevention

Ransomware Attack Prevention: A Practical Guide for 2024

In January 2024, Fulton County, Georgia — home to Atlanta — was crippled by a ransomware attack that knocked court systems offline, disrupted tax processing, and left residents unable to access basic government services for weeks. It wasn't an isolated event. The FBI's Internet Crime Complaint Center (IC3)

Carl B. Johnson Feb 28, 2024 8 min read
Ransomware Prevention

How to Prevent Ransomware: A Practical Defense Guide

The $1.1 Billion Year That Changed Everything In 2023, ransomware payments topped $1.1 billion globally, according to Chainalysis research. That's more than double the previous year. If you're reading this wondering how to prevent ransomware, understand this first: threat actors aren't slowing

Carl B. Johnson Feb 09, 2024 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor known as Midnight Blizzard had breached executive email accounts — not through some exotic zero-day exploit, but through a simple password spray attack on a legacy test account that lacked multi-factor authentication. If Microsoft can get caught flat-footed, your organization

Carl B. Johnson Feb 09, 2024 6 min read
Password Security Best Practices

Password Security Best Practices That Actually Work

The Breach That Started With a Single Reused Password In September 2023, MGM Resorts International lost an estimated $100 million after a threat actor social-engineered their way into systems — and weak credential hygiene played a central role. That incident didn't start with a sophisticated zero-day exploit. It started

Carl B. Johnson Jan 22, 2024 6 min read
Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

The Breach That Started With "Company123!" In September 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering to compromise employee credentials. The attack didn't require some sophisticated zero-day exploit. It started with identity — with passwords and people. And it'

Carl B. Johnson Jan 22, 2024 7 min read
Multi-Factor Authentication

Multi-Factor Authentication Setup: A Practical Guide

In September 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by socially engineering a helpdesk employee into resetting MFA credentials. Let that sink in. The company had multi-factor authentication. It still wasn't enough — because the multi-factor authentication setup and the processes

Carl B. Johnson Jan 20, 2024 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 23andMe Breach Started With Recycled Passwords In October 2023, genetic testing company 23andMe confirmed that attackers accessed roughly 6.9 million user profiles. The method wasn't some exotic zero-day exploit. It was credential stuffing — threat actors took username and password combinations leaked from other breaches and simply

Carl B. Johnson Jan 20, 2024 7 min read