Tag

Zero Trust Security

Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.

posts

Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The Breach That Started With "Spring2024!" In early 2024, a midsize healthcare company in the Midwest lost 2.3 million patient records. The root cause wasn't a sophisticated zero-day exploit. It wasn't a nation-state threat actor. It was an employee who reused the same

Carl B. Johnson Jun 15, 2025 6 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat Already Inside Your Firewall In January 2025, a former employee of a U.S. infrastructure firm was charged with attempting to sabotage water treatment systems — months after being terminated. His credentials were never revoked. The damage was caught, but barely. This isn't an edge case. It&

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threats

Insider Threat Examples: 7 Real Cases That Cost Millions

In 2022, a former employee of Cash App's parent company, Block Inc., downloaded reports containing the personal information of 8.2 million customers — months after being terminated. The company's failure to revoke access cost them regulatory scrutiny, a class-action lawsuit, and reputational damage that no PR

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

One Clicked a Link. The Other Sold the Data. Both Cost Millions. In 2023, Tesla disclosed that two former employees had leaked the personal information of over 75,000 people — including Social Security numbers — to a foreign media outlet. That same year, the Verizon 2023 Data Breach Investigations Report confirmed

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threat Indicators

Insider Threat Indicators: 9 Red Flags to Catch Early

In May 2022, a Yahoo research scientist named Qian Sang downloaded roughly 570,000 pages of proprietary source code to his personal devices — just two weeks after accepting a job at a competitor. Yahoo's internal systems flagged the bulk transfer, but only after the damage was done. This

Carl B. Johnson Jun 12, 2025 6 min read
Securing Employee Mobile Devices

Securing Employee Mobile Devices: A 2025 Field Guide

The Text Message That Cost One Company $40 Million In 2024, a sophisticated smishing campaign targeted employees at several major financial institutions. Threat actors sent SMS messages impersonating IT support, directing staff to fake login portals that harvested credentials and multi-factor authentication tokens. The attackers then used those stolen credentials

Carl B. Johnson Apr 20, 2025 7 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a single phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called an employee, pretended to

Carl B. Johnson Mar 29, 2025 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

The Breach That Started With a Reused Password In January 2024, Microsoft disclosed that a Russian threat actor group known as Midnight Blizzard compromised executive email accounts — not through some exotic zero-day, but by password spraying a legacy test account that lacked multi-factor authentication. One overlooked account. No MFA. That&

Carl B. Johnson Mar 17, 2025 7 min read