Tag

Zero Trust

Understand the Zero Trust security model, which operates on the principle of never trust, always verify. Posts cover Zero Trust architecture, identity verification, micro-segmentation, least-privilege access, and practical steps for implementing Zero Trust frameworks across enterprise environments.

posts

BYOD Security Risks

BYOD Security Risks: What's Really on Your Network

The Personal Phone That Took Down a Hospital Network In 2023, a nurse at a mid-sized hospital plugged a personal phone into a workstation USB port to charge it. That phone was already compromised with malware from a sideloaded app. Within 72 hours, threat actors had lateral movement across the

Carl B. Johnson Oct 27, 2020 7 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

82% of Phishing Sites Now Target Mobile Devices In late 2024, a wave of toll-road smishing texts hit millions of Americans. The messages claimed unpaid tolls from agencies like E-ZPass and SunPass, directing victims to pixel-perfect payment pages optimized for mobile screens. The FBI's Internet Crime Complaint Center

Carl B. Johnson Oct 10, 2020 7 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

A Fortune 500 Company Got Breached by a Phone Call In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The result? Over $100 million in losses, days of operational chaos, and a stock

Carl B. Johnson Oct 10, 2020 7 min read
Supply Chain Attacks

Supply Chain Attack Examples That Changed Cybersecurity

In December 2020, security firm FireEye discovered that a routine software update from SolarWinds had been weaponized to infiltrate roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and multiple Fortune 500 companies. The attackers didn't kick down the front door. They walked

Carl B. Johnson Sep 07, 2020 7 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability didn't just hit Progress Software. It cascaded through thousands of organizations — government agencies, banks, healthcare systems — because those organizations trusted a single vendor's file transfer tool. Over 2,600 organizations and

Carl B. Johnson Jul 19, 2020 8 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A Practical Guide

When the Colonial Pipeline attack shut down fuel distribution across the Eastern United States in 2021, news anchors stumbled over words like "ransomware," "threat actor," and "zero trust." Millions of people realized they didn't speak the language of cybersecurity — and that ignorance

Carl B. Johnson May 08, 2020 7 min read
Multi-Factor Authentication

MFA vs Two-Factor Authentication: What Actually Matters

In September 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider bypassed the company's authentication controls using a simple social engineering phone call. The attackers didn't crack a password vault or exploit a zero-day. They convinced a help desk employee to

Carl B. Johnson Nov 02, 2019 6 min read