Tag

Zero Trust Security

Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.

posts

IT Security

IT Security in 2021: What Most Organizations Get Wrong

Colonial Pipeline. SolarWinds. Microsoft Exchange. We're barely halfway through 2021 and the breach headlines are relentless. But here's what frustrates me most: the majority of these incidents didn't exploit exotic zero-day vulnerabilities. They exploited basic IT security gaps that organizations have known about for

Carl B. Johnson Jun 01, 2021 7 min read
Web Security Best Practices

Web Security Best Practices: 12 Steps That Actually Work

In March 2021, a single misconfigured web server at a major airline exposed 4.2 million passenger records. Names, email addresses, passport numbers — all sitting in an unprotected cloud bucket. The fix would have taken about fifteen minutes. The breach response cost millions and took months. That's the

Carl B. Johnson Jun 01, 2021 6 min read
Computer Security Service

Computer Security Service: What Actually Works in 2021

Colonial Pipeline Just Showed Us What Happens Without a Real Computer Security Service On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline went dark. Gas stations across the Southeast ran dry. The company paid a $4.4 million ransom

Carl B. Johnson May 18, 2021 7 min read
Social Engineering Attacks

Social Engineering Attacks: What Actually Works in 2021

The Phone Call That Cost One Company $75 Million In 2020, a teenager orchestrated one of the most high-profile social engineering attacks in history. He called Twitter employees, posed as IT staff, and convinced them to hand over credentials to internal tools. Within hours, he'd hijacked accounts belonging

Carl B. Johnson Apr 12, 2021 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

One Month Won't Save You — But It Can Start Something That Does In October 2020, during Cybersecurity Awareness Month, a major hospital chain — Universal Health Services — was fighting off one of the largest ransomware attacks in U.S. healthcare history. The Ryuk ransomware hit over 400 facilities. Staff

Carl B. Johnson Apr 02, 2021 6 min read
Ransomware Attack Prevention

Ransomware Attack Prevention: A Practical Guide

The Attack That Shut Down a Pipeline — and a Wake-Up Call for Everyone In February 2020, the Cybersecurity and Infrastructure Security Agency (CISA) published an alert after a ransomware attack forced a natural gas compression facility to shut down for two full days. The threat actor got in through a

Carl B. Johnson Mar 31, 2021 6 min read
Ransomware Prevention

How to Prevent Ransomware: A Practical Defense Guide

The Attack That Cost a Pipeline — and a Country's Fuel Supply In May 2021, Colonial Pipeline shut down 5,500 miles of fuel infrastructure after a ransomware attack crippled its operations. Millions of Americans panic-bought gasoline. The company paid $4.4 million in Bitcoin to the DarkSide threat

Carl B. Johnson Mar 12, 2021 7 min read
Ransomware Protection Tips

Ransomware Protection Tips That Actually Work in 2021

A Hospital Paid $17 Million. Your Organization Could Be Next. In September 2020, Universal Health Services got hit with Ryuk ransomware across 400 facilities. The damage? An estimated $67 million in recovery costs and lost revenue. A few months earlier, Garmin paid a reported $10 million ransom to get its

Carl B. Johnson Feb 24, 2021 7 min read