Triggering the Turtle Response: A Cyber Security Misstep?
September 15, 2021
One noble idea is to ask each and every organization to report a cyber attack and data breach. How are noble ideas like this greeted by commercial organizations or government bureaucrats with one eye on SES and one on retirement on a full pension? My hunch is that certain noble ideas are going to be ignored, sidestepped, or bulldozed under legal briefs.
I read “Exclusive: Wide-Ranging SolarWinds Probe Sparks Fear in Corporate America.” The trustworthy outfit Thomson Reuters says:
The SEC is asking companies to turn over records into “any other” data breach or ransomware attack since October 2019 if they downloaded a bugged network-management software update from SolarWinds Corp, which delivers products used across corporate America, according to details of the letters shared with Reuters. People familiar with the inquiry say the requests may reveal numerous unreported cyber incidents unrelated to the Russian espionage campaign, giving the SEC a rare level of insight into previously unknown incidents that the companies likely never intended to disclose.
Many organizations bite the bullet and keep cyber breach info under wraps. Examples include outfits dealing with financial transactions and juicy pharma companies, among others.
What’s going to happen? Investigators will find interesting information to explore and, in the manner of investigators, and piece together.
What’s one method of dealing with this intriguing government request? The turtle response. Pull one’s head into a shell and hope the legal eagles can make it safe to return to pre-SolarWinds’ practices.
Stephen E Arnold, September 15, 2021
Comments
One Response to “Triggering the Turtle Response: A Cyber Security Misstep?”
-
- Subscribe to Beyond Search
Feature archive
News archive
-
[…] are we not surprised? SeattlePI reports, “Americans Have Little Trust in Online Security: AP-NORC […]