March 21, 2022
The volume of cybersecurity incidents is clearly on the rise. As a professional for the past 25 years working in this industry I've seen my fair share of incidents.
As a professional I'm limited to what I can or can not do based on either the companies internal policy / governance or the client's direction. More often than not I've been directed to not comment or release a notice related to a cybersecurity incident.
While disclosing these incidents will not reduce the attack surface, or remove the monetization value proposition for threat actors. However, I do believe it would prompt additional investment in the area of cybersecurity incident response and vulnerability management. Two areas that many organizations fail to address.
Thank You.