Mastodawn

If you're in the position to - ask at tabletops and DR recovery practice what the policy should be or is for talking about breaches at your company. I asked the question of my leadership, and it took them by surprise. They were curious to know why I was asking, and it gave me a chance to talk to them about why keeping it under wraps does not necessarily help in the grand scheme.

You may get nowhere, you may get over ridden, they may ultimately tell you in the moment of crisis not to say anything... but it may also be that they simply don't know why it's important to speak up, especially in a small business setting - don't underestimate your subject matter expertise.

It's worth the conversation.

https://www.infosecurity-magazine.com/news/twofifths-it-pros-told-keep/

#securityprofessionals #informationsecurity #cybersecurity #cybersecurityprofessional

Two-Fifths of IT Pros Told to Keep Breaches Quiet

The figure rises to 70% of those in the US

Infosecurity Magazine

Show thread

YetAnotherGeekGuy

Apr 7, 2023

@bluecat
This is great encouragement. I would also add that if the consequence/impact falls outside the organization in any way, a breach cannot be kept secret.

Show thread

Blue Cat Defends!Apr 7, 2023

@YetAnotherGeekGuy It's important for us as organizations to remember we're all on the same side when it comes to cyber defense. It's nothing to do with weakening ourselves to our competitors advantage. Information sharing is valuable and necessary for all of our sakes.