J Wolfgang GoerlichDec 13, 2022

Albanian IT Workers Facing Seven Years in Prison for Not Updating Software
https://slate.com/technology/2022/12/albania-cyberattack-iran-it-workers-arrested.html

While some in cyber security have wanted more engagement from regulators for a long time, this is rather concerning.

The Government Workers Facing Seven Years in Prison for Not Updating Software

Their mistake appears to have had enormous consequences, but this seems like overkill.

Slate
Show thread0ddj0bb

@jwgoerlich #PatchAllTheThings or "you could face jailtime" is a fantastic thing to tell your IT workforce.

And why not put the infosec people who also knew about the vulns and didnt say anything or didnt get a patch exception or risk acceptance from those folks?

Man thats some scary shit

Dec 13, 2022 at 5:14pmWeb
Show thread0ddj0bbDec 13, 2022

@jwgoerlich think of the economy of work that creats where infosec peeps who dont wanna go to prison just start copying regulatory bodies on emails to internal it folks for not patching just trying to avoid jail time and show that they made an attempt to raise the issue.

Think of the resignations "hi, protecting you from business risk has become too risky for me" what a statement.

And what a #Glassof0J this could make!