|
|
|
|
|
|
by AnonC
973 days ago
|
|
|
Since this is a general comment, here are some general responses. > It means they learned something, That’s debatable. > and they are now stronger as a company Really not sure we can assume this unless the company is transparent, quickly apologetic and clearly says what it will do. > and are less likely to have the same security breach happen again If there’s one thing I’ve seen in the industry, companies change because their people change and policies change and external pressures change. There is absolutely no way to be over optimistic and believe that things won’t get far worse in the future. Information security doesn’t get a lot of long term attention. There’s too much fatigue by constant breaches and leaks that companies do the minimum PR to let it slide in a few days or weeks. Even any government hearings will be met with PR statements and sentences that nobody actually believes. |
|
|
To add to your thinking
Stronger: How much stronger? How do you measure? How do you test?
Less Likely: How much less likely? And could it instead make them more likely to see attacks since they've been exposed.
It doesn't take much to lose sight of proper controls, processes, etc. Something simple like team turnover can cause something to be missed.
Also, re: transparency, it's going to be interesting to see how companies handle the SEC's new rule regarding material cybersecurity issues.
Clorox, as an example, has released multiple 8Ks recently as they continue to work through their August incident.
https://www.sec.gov/news/press-release/2023-139