Tag

Zero Trust Security

Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.

posts

Insider Threat Examples

Insider Threat Examples: Real Breaches That Cost Millions

The Threat Already Inside Your Building In 2022, a former employee at Cash App's parent company, Block, downloaded reports containing the personal information of 8.2 million customers — months after leaving the company. Block disclosed the breach in an SEC filing, and lawsuits followed. The attacker didn'

Carl B. Johnson Oct 01, 2019 7 min read
Insider Threats

How to Prevent Insider Threats Before They Cost Millions

In 2022, a former employee at Cash App's parent company, Block Inc., downloaded reports containing the personal information of over 8 million customers — months after they'd left the company. The access was never revoked. No alarm was triggered. The breach wasn't discovered until the

Carl B. Johnson Oct 01, 2019 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threat Guide

One Employee Stole Data for Profit. The Other Just Clicked the Wrong Link. In 2022, a former employee of a major healthcare organization was sentenced to federal prison for stealing patient records and selling them. That same year, the Verizon Data Breach Investigations Report found that 82% of breaches involved

Carl B. Johnson Oct 01, 2019 7 min read
Insider Threat Indicators

Insider Threat Indicators: 9 Red Flags You Can't Ignore

The Breach That Came From the Inside In 2022, a former Twitter employee was convicted of spying on behalf of Saudi Arabia, accessing the personal data of dissidents using nothing more than his legitimate credentials. No malware. No phishing email. Just an insider with access and motive. That case made

Carl B. Johnson Oct 01, 2019 7 min read
Shadow IT

What Is Shadow IT? The Hidden Risk You Can't Ignore

Your Employees Already Built a Second IT Department In 2023, a Gartner survey found that 41% of employees acquired, modified, or created technology outside of IT's visibility. By now, that number has only grown. If you're asking what is shadow IT, the short answer is this:

Carl B. Johnson Sep 08, 2019 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2026

A Preventable Breach That Started With One Reused Password In 2024, the breach at Change Healthcare disrupted pharmacy operations across the United States for weeks. The root cause? A compromised credential on a system that lacked multi-factor authentication. That single gap — a basic cyber hygiene failure — led to one of

Carl B. Johnson Aug 20, 2019 6 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk. The attackers didn't exploit a zero-day vulnerability. They didn't write exotic malware. They called IT support, impersonated an employee, and got

Carl B. Johnson Aug 20, 2019 7 min read
Supply Chain Attack Examples

Supply Chain Attack Examples That Changed Cybersecurity

In December 2020, security firm FireEye disclosed that threat actors had compromised SolarWinds' Orion software platform — and with it, roughly 18,000 organizations that installed a poisoned update. Government agencies, Fortune 500 companies, and critical infrastructure operators all got hit through a single trusted vendor. That's the

Carl B. Johnson Aug 14, 2019 6 min read