Tag

Zero Trust

Understand the Zero Trust security model, which operates on the principle of never trust, always verify. Posts cover Zero Trust architecture, identity verification, micro-segmentation, least-privilege access, and practical steps for implementing Zero Trust frameworks across enterprise environments.

posts

Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

One Unapproved App Cost a Hospital Network $3 Million In 2023, a regional hospital system discovered that a department had been using an unapproved file-sharing tool to exchange patient records for over a year. The tool had no encryption, no access controls, and no audit trail. When an attacker exploited

Carl B. Johnson Sep 10, 2019 8 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

The Text Message That Cost a Company $15 Million In 2022, Twilio disclosed a breach that started with a simple SMS message. Employees received text messages impersonating the IT department, directing them to a fake login page. Several entered their credentials. That single vector — mobile phishing attacks delivered via text

Carl B. Johnson Sep 08, 2019 7 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a push notification to an Uber contractor's phone — over and over, for more than an hour. The contractor eventually approved the multi-factor authentication request just to make it stop. That single moment

Carl B. Johnson Sep 01, 2019 6 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability didn't just hit one company. It cascaded through thousands of organizations that relied on a single file-transfer vendor. Government agencies, banks, healthcare systems, and universities all found themselves exposed — not because of anything

Carl B. Johnson Aug 14, 2019 7 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability compromised over 2,600 organizations and exposed the data of more than 77 million individuals — not because those organizations had weak security, but because a single vendor did. Companies like Ernst & Young, the BBC,

Carl B. Johnson Aug 14, 2019 7 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A Practical Guide

During a breach investigation last year, I watched a CFO stare blankly at an incident responder who kept saying "the threat actor used credential stuffing to pivot laterally after compromising an MFA-gapped endpoint." The CFO's response: "Can someone please speak English?" That moment cost

Carl B. Johnson Jul 20, 2019 7 min read
IT Security

IT Security in 2026: What Actually Works Now

In February 2024, Change Healthcare — one of the largest health IT companies in the United States — suffered a ransomware attack that disrupted insurance claims processing for thousands of hospitals and pharmacies nationwide. UnitedHealth Group, its parent company, later disclosed that the breach affected roughly 100 million individuals. The root cause?

Carl B. Johnson Feb 22, 2019 7 min read