Tag

Zero Trust

Understand the Zero Trust security model, which operates on the principle of never trust, always verify. Posts cover Zero Trust architecture, identity verification, micro-segmentation, least-privilege access, and practical steps for implementing Zero Trust frameworks across enterprise environments.

posts

Ransomware Prevention

How to Prevent Ransomware: A Practical Defense Guide

The Colonial Pipeline Attack Changed Everything In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid DarkSide operators $4.4 million in Bitcoin — and even after paying, it took days to restore operations. Fuel shortages hit the East Coast. Panic

Carl B. Johnson Mar 21, 2022 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 61% Problem Nobody Talks About The 2021 Verizon Data Breach Investigations Report found that 61% of all breaches involved credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. Stolen, reused, guessed, and phished passwords remain the single largest attack vector threat actors exploit today. I've spent years

Carl B. Johnson Feb 15, 2022 6 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2022

In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the eastern United States. The attackers used a legacy VPN account that had no multi-factor authentication. One credential. No additional verification. That's all it took to paralyze critical infrastructure. If you&

Carl B. Johnson Jan 15, 2022 7 min read
Remote Work Cybersecurity Tips

Remote Work Cybersecurity Tips That Actually Work

In July 2021, a remote employee at a Florida IT management firm clicked a link that looked like a routine software update. Within hours, the REvil ransomware gang had compromised Kaseya's VSA platform and cascaded the attack to an estimated 1,500 downstream businesses. The initial foothold? A

Carl B. Johnson Jan 15, 2022 6 min read
Securing Remote Employees

Securing Remote Employees: A Practical Guide for 2022

In July 2021, a ransomware attack on Kaseya's VSA software cascaded through managed service providers and hit up to 1,500 businesses — many of them small companies with remote workers connecting through poorly secured endpoints. The REvil gang demanded $70 million. That single incident crystallized what I'

Carl B. Johnson Jan 15, 2022 8 min read
VPN Best Practices

VPN Best Practices: What Actually Protects You in 2022

The Pulse Secure Breach Should Have Been Your Wake-Up Call In April 2021, CISA issued an emergency directive after threat actors exploited vulnerabilities in Pulse Connect Secure VPN appliances to compromise federal agencies and defense contractors. Attackers maintained persistent access for months before anyone noticed. The tool that was supposed

Carl B. Johnson Jan 06, 2022 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical 2021 Guide

The Misconfiguration That Exposed 3.8 Billion Records In June 2021, researchers discovered an unsecured Elasticsearch instance containing 3.8 billion records — names, emails, phone numbers, and social media profiles compiled from scraped and breached data. It sat wide open on the internet. No password. No access controls. Just a

Carl B. Johnson Dec 23, 2021 7 min read
Shadow IT Risks

Shadow IT Risks: The Threats Hiding in Your Network

Your Employees Are Building a Second Network — And You Can't See It In March 2021, a vulnerability in Microsoft Exchange Server sent security teams scrambling. But here's what didn't make the headlines: many organizations discovered Exchange instances they didn't even know existed.

Carl B. Johnson Dec 23, 2021 8 min read