Addresses the strategic side of cybersecurity, including risk assessments, security roadmaps, budget allocation, policy development, and long-term defense strategies. Articles help organizations prioritize initiatives and align security efforts with business objectives.
posts
When SolarWinds disclosed in December 2020 that threat actors had compromised their Orion software update mechanism — infiltrating roughly 18,000 customer networks including multiple U.S. government agencies — the breach didn't just expose data. It exposed how many organizations had no real data breach response plan in place.
The SolarWinds breach discovered this month compromised at least 18,000 organizations — including multiple U.S. government agencies — and most of them had no actionable incident response plan template ready when the alerts started firing. I've watched organizations scramble through breaches with nothing but a stale PDF from
The Breach Already Happened — Now What? In March 2023, Latitude Financial discovered a threat actor had accessed 14 million customer records — driver's license numbers, passport copies, financial statements. Their initial disclosure said 328,000 records. Within weeks, that number ballooned to 14 million. The company didn't
The Breach That Proved "We'll Figure It Out" Doesn't Work In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to their help desk. The threat actors impersonated an employee, gained access to
