Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.
posts
A Single Click Cost One Hospital Chain $100 Million In 2024, Change Healthcare — the largest health payment processing company in the U.S. — was hit by the ALPHV/BlackCat ransomware gang. The attack disrupted claims processing for thousands of providers nationwide. UnitedHealth Group, Change Healthcare's parent company, disclosed
The Breach That Started Behind the Firewall In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. The attacker didn't punch through a firewall. They didn't exploit some exotic zero-day. They
One Click Cost This Company $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained enough access to deploy ransomware across the entire
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a ten-minute phone call. That single conversation gave attackers the keys to one of the largest hospitality companies on the planet. So when someone asks me what is
$4.88 Million Was Last Year's Average. This Year Will Be Worse. IBM's 2024 Cost of a Data Breach Report put the global average at $4.88 million — a 10% jump from the year before and the highest figure ever recorded at that point. If you
In 2023, a single employee's compromised personal phone gave threat actors a foothold into MGM Resorts' corporate network. The resulting breach cost the company over $100 million. The attack didn't start with some sophisticated zero-day exploit — it started with a social engineering call to the
A Trusted Software Update Became the Biggest Backdoor in History In December 2020, FireEye disclosed that threat actors had compromised SolarWinds Orion — a network monitoring platform used by 33,000 organizations, including multiple U.S. federal agencies. The attackers embedded malicious code into a routine software update. Every organization that
In 2024, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk employee. The threat actor impersonated an employee, convinced IT staff to reset credentials, and within hours had access to critical systems. One conversation. No malware.
In 2023, a single compromised employee phone at MGM Resorts International led to a social engineering attack that cost the company over $100 million in losses. The threat actors didn't hack a firewall or exploit a zero-day. They called the help desk. That incident is a masterclass in
In January 2024, the U.S. Department of Justice charged a former Google engineer with stealing proprietary AI trade secrets while secretly working for two China-based companies. He had access for years. He passed background checks. He was a trusted employee. And that's exactly the point — the most
