It feels weird to be writing anything right now that isn't somehow related to Friday's CrowdStrike incident, but given I recorded this video just a few hours before all hell broke loose, it'll have to wait until next week. This week, the issue that really has me worked up is data breach victim notification or more specifically, lack thereof. Following my time in Melbourne and Canberra during the week where I spent a bunch of time with smart people close to the legal, political and law enforcement aspects of infosec, it really hit home how aligned most of us are on protecting the individual victims. Most, but not all; the corporate victims (and yes, companies who suffer data breaches are still victims themselves), rarely set individual victim notification as a priority. That sucks, and it's at direct odds with the messaging we're now hearing loud and clear from our own government. I'm giving a lot of thought to how we bridge that gap so stay tuned, this area has to get better. Much better.
References
- Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
- Our Australian Federal Police gave us a couple of very cool challenge coins (law enforcement agencies worldwide often exchange these when meeting up)
- Which got me thinking - why don't we do a Have I Been Pwned challenge coin? (this has actually been on the cards for quite a while and I'm really hoping we can make it come to fruition shortly)
- Spyware - just don't (more than a week on and after millions of people had their personal info exposed, Mspy is still silent on their massive breach)