Tag

Zero Trust Security

Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.

posts

Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

In December 2020, SolarWinds disclosed that threat actors had compromised its Orion software platform, ultimately breaching at least nine U.S. federal agencies and over 100 private companies. The attack went undetected for months. It wasn't a zero-day exploit that got them in — it was a compromised build

Carl B. Johnson Feb 24, 2021 7 min read
Insider Threats

Insider Threat Examples: Real Cases That Cost Millions

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker had hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — tweeting a Bitcoin scam that netted over $100,000. The most sophisticated firewall in the world wouldn&

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal tool credentials. Within hours, threat actors had hijacked high-profile accounts — Barack Obama, Elon Musk, Apple — and ran a Bitcoin scam that netted over $100,000. The breach didn't start with a zero-day exploit

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

A Disgruntled Engineer, a Careless Accountant, and $11.45 Billion in Losses In 2018, a former Tesla employee reportedly sabotaged the company's manufacturing systems and exfiltrated sensitive data to third parties. That same year, countless organizations bled data because an employee clicked a phishing link or misconfigured a

Carl B. Johnson Dec 12, 2020 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2021

The SolarWinds Breach Just Proved Your Perimeter Is Dead As I write this in December 2020, we're watching one of the most devastating supply chain attacks in history unfold. The SolarWinds breach — disclosed just days ago — compromised U.S. government agencies and major corporations by exploiting trusted software

Carl B. Johnson Dec 12, 2020 7 min read
Remote Desktop Security Risks

Remote Desktop Security Risks That Lead to Breaches

A Single Exposed RDP Port Cost One Hospital Everything In 2023, a regional hospital in Illinois discovered that attackers had been inside their network for over three weeks. The entry point? A single Remote Desktop Protocol (RDP) port left open to the internet. The threat actors used brute-forced credentials to

Carl B. Johnson Nov 08, 2020 6 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Practical Defense Guide

The Breach That Cost a Children's Charity Everything In 2023, Save the Children Federation confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global nonprofit with significant resources still

Carl B. Johnson Nov 04, 2020 7 min read
Shadow IT

What Is Shadow IT? The Hidden Risk Draining Your Budget

The Breach That Started With a Spreadsheet App In 2023, a midsize healthcare company discovered that an employee had been syncing patient records to an unauthorized cloud storage service for over eight months. The service had no encryption, no access controls, and no audit logging. By the time the security

Carl B. Johnson Oct 27, 2020 7 min read
Securing Employee Mobile Devices

Securing Employee Mobile Devices: A Practical Guide

In 2023, a single compromised employee phone gave threat actors a foothold inside MGM Resorts' network. The attackers used social engineering — a phone call to the help desk — and within hours, they had enough access to deploy ransomware that cost the company over $100 million. The device that started

Carl B. Johnson Oct 27, 2020 7 min read
USB Drive Security Risks

USB Drive Security Risks: Why They Still Bypass Defenses

In January 2022, the FBI issued a public warning that the cybercriminal group FIN7 had been mailing malicious USB drives — disguised as gift cards and COVID-19 guidelines — directly to U.S. companies. The drives contained ransomware. Employees plugged them in. Networks fell. That campaign wasn't some edge case

Carl B. Johnson Oct 10, 2020 6 min read