Honored to join with CSRB colleagues (Under Secretary DHS and Chair, Rob Silvers, @dmitri, @k8em0, et al) for a rare opportunity to improve cybersecurity for everyone, by reviewing a grouping of related attacks affecting a wide variety of orgs. https://www.dhs.gov/news/2022/12/02/cyber-safety-review-board-conduct-second-review-lapsus

@argv @dmitri

Excellent news! The CSRB actually investigating security compromises is a good thing!

And I trust that a major topic of enquiry will be the organizational factors that have led to extremely well-resourced organizations, many of them substantial players in the security industry themselves, having not adopted cryptographic authentication for remote access despite that having been an important recommendation for creating a robust security posture since at least the OPM hack post-mortems.

(Because without that... well, anybody could just assemble a summary of content of news stories and PR releases about known $Lapsus events plus some well-worn advice about using what we now call phishing-resistant authentication.)