Take a look at this diagram. It is like many that float about, which provide a great technical view of cybersecurity, but fully ignoring the behavioral/cognitive aspects. That makes this very shortsighted. Even if you had perfect technology controls for everything listed, an admin making a mistake or purposeful attack, would bypass everything.

Did you know that over 100 million AT&T customers had their data breached? Check out my latest post and video explaining what you need to know and what we all need AT&T to do, to secure customer data!

https://www.bulbapp.io/p/7573c365-5b11-453c-bc9e-b1c98822bdb4/att-data-breach-understanding-the-fallout

2026 Cybersecurity Predictions are Coming!
Two months in the making and I am almost finished with my 2026 Cybersecurity Predictions! Just wrapping up the final version of both predictions and anti-predictions for the next year in #cybersecurity!

In the meantime, review what I had to say in my 2025 predictions and see if I actually have some worthwhile insights - or perhaps a cracked crystal ball. https://open.substack.com/pub/matthewrosenquist/p/10-cybersecurity-predictions-for

“I didn’t click anything suspicious” is common after overnight drains.
The damage usually came earlier: an approval or signature that you had forgotten about.
Defense: keep vault wallets isolated, sign less, review approvals, revoke often.

Private Military Companies are organized mercenaries for hire in a lucrative business. We see them in physical conflicts, but what about the cyber battlefields?

Governments hire private organizations to do their hacking, gather intelligence, disrupt critical infrastructures, and push misinformation campaigns.

The Economist recently did a piece on PMCs but it misses the evolution of how cyber mercenaries are being organized and used governments to do battle in cyberspace!

7 Cybersecurity tips to avoid being scammed and losing crypto
1. Telegram and other social sites are not trustworthy...
2. Just because they know a lot about you, it is NOT proof of their legitimacy...
3. Meet people in person (if it is safe) or via video meeting...
4. Never click a link or go to an untrusted webpage URL...
5. Never open programs or attachments from untrusted persons...
6...

Full article: https://open.substack.com/pub/matthewrosenquist/p/tips-to-avoid-online-fraud-and-crypto

🔐 The Rise of AI-Powered Phishing — How to Spot the New Threat

Cybercrime just got smarter — and far more dangerous.

🧠 AI is now being used to craft convincing phishing scams that seem legit, complete with personalized details straight from your social profiles.

Shoutout to @MRosenquist for this fantastic blog!

Read here

Ransomware Attack Ends a 150 Year Company.

A 150-year-old UK company is gone – due to a cyberattack! It is an example of how #cybersecurity matters to every company that depends on digital technology. Failures in cybersecurity can cause catastrophic impacts, including the total loss of a business.

UK proposes ransomware payment ban for public sector. About time! This is how we defeat ransomware for everyone!

Such limits will choke the very motivation of cybercriminals. If criminals know they will not be paid by certain entities, they will move on to other victims who will.

This is a good start, but we must expand it. Yes, it seem scary but it will work. For details, see the links in the article.
https://open.substack.com/pub/matthewrosenquist/p/uk-proposes-ransomware-payment-ban