#incident-management — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #incident-management, aggregated by home.social.
-
The New Digital Battlefield: Why 2026 Demands a Hardened Security Stance
2,251 words, 12 minutes read time.
The digital landscape has fundamentally shifted, and if you are still looking at your network through the lens of yesterday’s defensive strategies, you are already behind. We have entered an era where the perimeter is not just porous; it is effectively non-existent. As we navigate 2026, the rise of agentic artificial intelligence has transformed the threat landscape from a series of isolated incidents into a continuous, automated, and relentless war of attrition. Adversaries are no longer manually probing for weaknesses during business hours; they are deploying autonomous software agents that scout, exploit, and pivot through complex multi-cloud environments without human intervention. This shift marks the end of the era where reactive patch management and static firewall rules could keep an enterprise safe. Analyzing the current trajectory of these automated threats, it is clear that the primary battlefield has moved from the network edge to the identity layer, making every single access request a potential point of compromise that requires immediate, granular verification.
The Weaponization of Intelligence and the Death of Perimeter Defense
The most significant change to the security landscape this year is the democratization of sophisticated offensive tools. Attackers have evolved beyond simple phishing schemes, utilizing generative models to craft hyper-personalized deception campaigns that are virtually indistinguishable from legitimate communications. These are not the poorly translated emails of a decade ago; these are synthesized audio, video, and text-based deepfakes that exploit human psychology by mimicking trusted colleagues or vendors. When I look at the rapid maturation of these technologies, I see a clear pattern of adversaries targeting the human element while simultaneously leveraging machine learning to identify and exploit zero-day vulnerabilities in public-facing applications. The traditional concept of a “trusted network” has been completely eroded by this reality. It is no longer enough to guard the gates; organizations must now assume that their internal environments are already compromised and operate with a mindset of constant, zero-trust verification.
Moving Beyond Prevention Toward Active Operational Resilience
Prevention remains a fundamental goal, but in 2026, it is no longer the sole pillar of a successful security posture. The smartest organizations are now shifting their focus toward operational resilience, which acknowledges the inevitability of a security incident and prioritizes the ability to withstand, contain, and recover from such events in real time. This transition requires a move away from reliance on human analysts to manually triage every alert. We are seeing a necessary pivot toward automated incident response frameworks that can detect anomalies and orchestrate remediation actions at machine speed. By integrating security orchestration, automation, and response tools into a unified platform, security teams are finally beginning to close the gap between detection and mitigation. This level of responsiveness is the only way to counter the speed of agentic AI attacks, as traditional manual processes are simply too slow to keep pace with an adversary that never sleeps and never tires.
The Silent Expansion of the Shadow AI Workforce
One of the most insidious threats currently facing enterprises is the unchecked proliferation of shadow AI agents. In 2026, it is no longer just about employees using unapproved chatbots to summarize meeting notes; we are witnessing the deployment of autonomous agents that have been granted direct, persistent access to critical business data and internal systems. These digital coworkers operate with a level of agency that far outstrips simple automation, performing tasks like financial reporting, supply chain adjustments, and email management without constant human oversight. When an organization fails to maintain a comprehensive inventory of these agents, it effectively creates a shadow workforce that exists entirely outside the purview of traditional identity and access management systems. This identity sprawl introduces a massive, hidden attack surface where a single misconfigured agent, or one compromised through a malicious prompt injection, can initiate a cascade of unauthorized actions across the corporate network. Because these agents are designed to move data and execute processes, they essentially function as authorized insiders with elevated privileges, making the task of distinguishing between legitimate autonomous operations and malicious activity an increasingly complex needle-in-a-haystack problem.
Why Identity Has Replaced the Network as the Primary Battleground
For years, the industry obsessed over the network perimeter, pouring capital into firewalls and intrusion detection systems to keep the bad guys out. That era is definitively over. In the current threat environment, identity is the new perimeter, and it is failing under the weight of AI-powered credential abuse and deepfake deception. Attackers are no longer focused on finding a hole in a firewall; they are finding ways to walk through the front door using stolen or synthesized credentials that appear entirely authentic. When I evaluate the efficacy of modern security controls, it is obvious that static multi-factor authentication is no longer enough to stop an adversary who can perform real-time biometric spoofing or orchestrate a multi-stage social engineering attack that mimics an executive’s voice or likeness during a critical transaction. Every single access request must now be treated as a high-stakes event, validated against real-time behavioral patterns, device health telemetry, and geolocation data. We have moved into a world where trust must be continuously earned through granular verification, and any system that assumes a user or an agent is “trusted” based on a single point of entry is simply begging to be exploited.
The Rising Tide of Supply Chain and API Vulnerabilities
While the focus on agentic AI and identity is necessary, we cannot afford to ignore the systemic rot within our interconnected software ecosystems. Modern applications are built on a sprawling web of third-party APIs, open-source libraries, and cloud-native integrations that create countless back doors into an organization’s most sensitive data. Attackers have realized that they do not need to break through the fortified front door of a target company when they can instead compromise a trusted vendor, a CI/CD workflow, or an OAuth token that grants them indirect, authenticated access. The data from the past year confirms a dramatic increase in the exploitation of public-facing applications, often leveraged through these compromised trust relationships. This means that an organization’s security posture is only as strong as its weakest third-party integration. Moving forward, the only way to mitigate this risk is to treat every API and every software dependency as a potential ingress point, enforcing rigorous oversight and ensuring that security transparency extends far beyond the internal walls of the enterprise.
The Escalation of Data Poisoning and Model Integrity Risks
While much of the industry attention has been captured by the potential for AI-driven external attacks, there is an equally dangerous, albeit quieter, evolution occurring within the integrity of the data that powers these systems. We are currently facing a crisis of confidence regarding the inputs that drive corporate decision-making and autonomous workflows. In 2026, it is not enough to secure the infrastructure; we must now confront the reality of data poisoning, where adversaries inject subtle, malicious anomalies into the datasets used for training or fine-tuning enterprise machine learning models. This is not about a sudden, catastrophic system failure that triggers a loud alarm; it is about the gradual, calculated subversion of business logic. When an attacker successfully manipulates the underlying data, they can induce a model to make flawed recommendations, prioritize fraudulent transactions, or ignore malicious patterns in security logs. This turns a company’s most potent technological asset into a Trojan horse, working silently against the organization’s interests from the inside out. Securing the data pipeline has become a top-tier security imperative, requiring rigorous provenance tracking, continuous auditability of training sets, and the implementation of robust adversarial training techniques designed to identify and reject manipulated inputs before they can degrade the model’s reliability.
Addressing the Looming Talent Gap and Defensive Burnout
The rapid pace of technological change is not only taxing our technical systems; it is pushing human defenders to their absolute breaking point. We are operating in an environment where the volume, variety, and velocity of security alerts have completely outstripped the cognitive capacity of traditional security operations center teams. Expecting human analysts to keep pace with adversaries who are utilizing automated agents to conduct attacks at machine speed is a recipe for failure and inevitable burnout. This is why the integration of advanced analytics and automated triage is no longer just a luxury for the largest organizations; it is a fundamental survival requirement. The goal is to move the human element up the value chain, shifting the focus from mundane, repetitive monitoring tasks toward high-level threat hunting, architecture design, and strategic oversight. By offloading the grunt work of log aggregation, initial correlation, and basic incident containment to intelligent machines, we can preserve the sanity of our teams while simultaneously reducing the dwell time of attackers within our environments. A security strategy that fails to account for the human element of this equation is doomed to fall apart as the attrition rates in cybersecurity continue to climb in response to this relentless, high-pressure digital conflict.
Building a Future-Proof Architecture Based on Radical Transparency
Looking toward the remainder of this year and beyond, the only way for any organization to maintain a viable security stance is to embrace a philosophy of radical transparency and aggressive defensive engineering. We must abandon the secrecy that has historically defined corporate security departments and instead adopt a model of shared intelligence. This means actively participating in industry threat-sharing consortia, automating the ingestion of real-time indicators of compromise, and building systems that are designed to be observable at every layer of the stack. A closed, proprietary system is inherently more fragile in the current climate than an open, well-audited, and resilient architecture. We need to move toward a future where security controls are not just bolted onto existing infrastructure as an afterthought, but are instead natively woven into the software development lifecycle, the CI/CD pipeline, and the very identity frameworks that govern access. The threats we face today are systemic and collaborative; our defenses must be equally coordinated, pervasive, and uncompromising if we are to have any hope of maintaining control over our digital domains.
The Final Synthesis: Adapting to the Persistent Threat Paradigm
As we look toward the horizon, it becomes clear that the distinction between a peaceful digital state and an active security incident has effectively dissolved. We are no longer living in a world of binary outcomes where one is either secure or compromised. Instead, we are navigating a permanent state of high-intensity conflict where persistent, automated threats constantly probe for the slightest deviation in our operational baseline. Success in this environment is not defined by the absence of attacks, but by the ability to maintain the continuity of business operations while under fire. This requires a fundamental departure from the legacy mindset of static defenses and annual compliance audits. It demands a posture that is defined by agility, continuous monitoring, and the willingness to radically restructure how we manage identity, data, and software supply chains. The organizations that thrive will be those that accept this reality and invest heavily in the defensive infrastructure that allows them to observe, adapt, and respond faster than the adversary can evolve.
Institutionalizing Vigilance as a Core Business Function
The ultimate takeaway from the current threat landscape is that cybersecurity can no longer be sequestered into a back-office IT department. It must be elevated to a board-level priority that dictates how the company handles everything from vendor selection to product development. When leadership treats security as a checkbox, they are fundamentally misunderstanding the existential risk that these automated threats pose to their market position and operational integrity. I see this reality manifesting in the increasing frequency of leadership turnover within organizations that fail to treat security as a first-order business risk. If you are not integrating security into your organizational DNA, you are building your future on a foundation that is already actively being undermined by adversaries. Establishing a culture of vigilance means fostering a workforce that is trained to recognize the signs of deception, ensuring that security-by-design is non-negotiable for every engineering team, and maintaining a budget that reflects the severity of the threat landscape.
Securing the Path Forward in a Hostile Digital Ecosystem
In closing, the path forward is narrow and requires an uncompromising commitment to technical excellence. We cannot afford to be complacent, nor can we afford to trust in the effectiveness of legacy solutions that were never designed to operate against AI-driven adversaries. The future of security is about visibility, automation, and the ruthless elimination of unnecessary trust. It is about building a defense that is as intelligent, distributed, and persistent as the threats we are up against. This is not a short-term project that can be completed and filed away; it is a permanent change in how we operate, build, and interact in the digital world. The landscape will continue to shift, and the tools available to our adversaries will continue to improve, but by focusing on robust identity management, resilient architecture, and an unwavering commitment to data integrity, we can maintain the upper hand. The battle for the digital future is ongoing, and only those who are willing to adapt, innovate, and secure their environments with extreme prejudice will remain standing when the smoke clears.
D. Bryan King
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
#agenticAIThreats #AIDrivenThreats #APIVulnerabilities #automatedDefense #automatedIncidentResponse #automatedSecurityTools #autonomousCyberAttacks #behavioralAnalytics #biometricSpoofing #cloudSecurity #credentialAbuse #cyberHygiene #cyberResilience #cyberRiskManagement #cyberWarfare #cybersecurityBestPractices #cybersecurityFuture #cybersecurityLeadership #cybersecurityPosture #cybersecurityStrategy #cybersecurityTrends2026 #dataPoisoning #deepfakeDetection #digitalInfrastructure #enterpriseProtection #enterpriseRisk #enterpriseSecurity #identityCentricSecurity #incidentManagement #informationSecurity #modelIntegrity #networkDefense #operationalResilience #riskManagement #securityAutomation #securityOperationsCenter #securityByDesign #shadowAI #softwareSupplyChain #supplyChainSecurity #threatHunting #threatIntelligence #threatLandscape #threatMitigation #ZeroTrustArchitecture -
The Engineering Leadership Crisis Nobody Talks About 🚨 #EngineeringLeadership #SoftwareEngineering #PlatformEngineering #TechLeadership #Microservices #SRE
Modern engineering teams are collapsing under platform complexity, AI chaos, organizational scaling failures, and unreliable architectures. This deep technical leadership guide explains how elite engineering leaders manage platform rewrites, reliability crises, organizational chaos, and large-scale modernization without destroying delivery velocity. #SoftwareArchitecture #EngineeringManagement #DevOps #CloudComputing #Leadership -
Mean time to repair directly impacts revenue and trust. When automation cuts MTTR by over 50%, the business case becomes clear: fewer escalations, less downtime, and calmer teams.
-
CNA disclosed an external system breach affecting 5,875 individuals, involving unauthorized access and exposure of personal identifiers with additional sensitive data.
Notification timing remains pending, while 12 months of credit monitoring and identity theft protection are being offered. The case highlights ongoing challenges around breach confirmation and third-party coordination.
What controls help reduce discovery gaps in financial environments?
Follow @technadu for factual breach reporting.
#InfoSec #FinancialCyber #IncidentManagement #DataBreach #Privacy #TechNadu
-
The 2024 CrowdStrike outage caused a worldwide Windows Blue Screen crash, impacting airlines, banks, and enterprises.
This deep dive explains how DevOps & SRE teams mitigated impact, recovered systems, and prevented total failure.
🔗 https://shorturl.at/VLqxz #CrowdStrikeOutage #DevOps #SRE #IncidentManagement #CyberResilience #CloudOps #PostMortem #ReliabilityEngineering #aws
-
Inha University disclosed a ransomware incident that temporarily disrupted services and was reported to KISA and the Personal Information Protection Commission. Systems were restored within the same day, while claims of internal data exposure by a ransomware group remain under investigation.
The incident reflects ongoing challenges in securing academic environments that combine legacy systems, personal data, and open-access infrastructure.
What controls should higher education prioritize against ransomware?
Engage in discussion and follow @technadu for factual InfoSec coverage.
#InfoSec #RansomwareDefense #HigherEdSecurity #IncidentManagement #DataProtection #TechNadu
-
#Development #Findings
The Pragmatic Engineer 2025 Survey (Part 3) · Which tools do software engineers use today? https://ilo.im/167n2s_____
#Observability #IncidentManagement #Experimentation #TechStack #Tooling #Frameworks #DevOps #WebDev #Frontend -
In 2026 there will again be a #GI-SPRING graduate workshop of the Special Interest Group Security - Intrusion Detection and Response (SIDAR). This time it takes place on 21 and 22 April 2026 in #Heidelberg.
Topics include #VulnerabilityAssessment, #ThreatIntelligence, #IntrusionDetection, #Malware, #IncidentManagement, #WirelessSecurity, #DigitalForensics, and more.
Submissions are accepted until 15 March 2026.
-
Today's AWS outage was a stark reminder: what happens when the tools you rely on to manage incidents... are part of the incident?
When Slack, Zoom, PagerDuty, and even Statuspage are impacted, how do you get your response team re-connected to solve the underlying problem? Once they're talking to each other, they can improvise a response, but that first step of re-establishing contact is critical.
This isn't just a hypothetical. It's a real-world scenario that can paralyze even the most prepared organizations. Relying on a plan that's tucked away in a long-forgotten document is a recipe for disaster.
Here's what I recommend to the leaders I advise:
🔹 Have a "Rally Point" Plan: Don't just have a backup concept; have a pre-defined, communicated, and accessible fallback plan. Every second counts in an incident, and you can't waste time figuring out where to communicate. If you normally use Slack and Zoom, then think Google Meet or Microsoft Teams for your backup, and vice versa. Maybe even an old-fashioned conference call bridge. The key is that everyone knows where to go, when the normal places aren't working.
🔹 Make it Accessible: Your plan is useless if it's on a server that nobody can get to at the moment. Laminated wallet cards, a shared password vault with offline access, or a regularly updated file on every employee's laptop are all viable options.
🔹 Practice, Practice, Practice: Fire drills aren't just for fires. Run drills for your fallback communication plan. This ensures everyone remembers it exists and that the mechanisms still work.
🔹 Don't Forget Security: Assume that your fallback channel is compromised, and that outsiders are listening in. Use it just as a rendezvous point to direct responders to more secure, authenticated channels, where you can validate every participant. Don't discuss sensitive information in the open.
Incidents are costly, not just in revenue, but in reputation and team morale. Proactive preparation isn't a luxury; it's a necessity.
What's your team's communication fallback plan? Share your thoughts in the comments below. 👇
#IncidentManagement #BusinessContinuity #SiteReliability #DevOps #AWSOutage
-
In DevOps, the real differentiator at 2 AM isn’t just the tech stack—it’s the soft skills that hold the line. Explore actual incident stories, unexpected lessons, and the human side of DevOps in “DevOps Soft Skills That Save You at 2 AM”.
Read more: https://shorturl.at/NabPS -
Some folks may recall my anger on August 18 over a vendor who wasn't responding to alerts about exposing their clients' data. The data included court files or records that were confidential or even sealed. At the time, researchers had discovered two entities that were exposed. They subsequently discovered more.
Yesterday, the vendor -- who had even ignored a call from the FBI -- finally secured one of the two after the client finally reached them on the phone.
The vendor told them they had fixed the problem. But did they?
[SPOILER ALERT: No.]
You won't believe what happened next, or maybe you will, but you'll have to stay tuned for this story, which has now gotten astronomically bigger because not only were the data still not secured but the vendor -- after claiming that the researchers had used hacking techniques to access unsecured data -- inexplicably sent the client a list of ALL of vendor's clients with their technical details AND ALL OF THEIR LOGIN CREDENTIALS.
[WTF!?]
I have never been as tempted to issue an actual press release warning all entities about a specific vendor, but... wow.
Stay tuned. Eventually, I will write this all up, but first, I want to hear what the client's lawyers and insurers decide to do to hold the vendor accountable.
(August 18 post: https://infosec.exchange/deck/@PogoWasRight/115033245331860859)
#databreach #dataleak #incidentresponse #incidentmanagement #thirdparty #vendor #accountability
-
🚀 Behold, the ultimate library for the technical leader who can’t lead without a script! 🌟 With over 1,000 #resources, you can now master the art of telling others what to do while pretending to manage incidents like a pro. 📚 Perfect for those who need a step-by-step guide to breathe in the world of tech leadership. 🦆
https://debuggingleadership.com/stdlib #techleadership #managementguide #incidentmanagement #leadershipskills #HackerNews #ngated -
Agile ITSM turns rigid processes into rapid value—what’s your next move? #AgileITSM #DigitalTransformation #ITLeadership #ModernIT #DevOps #ITOps #AgileMindset #ServiceExcellence #IncidentManagement #ContinuousImprovement #Automation #SelfService #Collaboration #Swarming #MTTR #MTTD #Metrics #Innovation #CustomerSatisfaction
https://medium.com/@sanjay.mohindroo66/beyond-the-ticket-agile-itsm-for-speed-clarity-and-impact-550a98882cb1 -
Release It! by Michael T. Nygard
"Manage perceptions after a major #incident. It’s as important as managing the incident itself."
-
In August 2020, @SchizoDuckie and I published what was to become the first of a series of articles or posts called "No Need to Hack When It's Leaking."
In today's installment, I bring you "No Need to Hack When It's Leaking: Brandt Kettwick Defense Edition." It chronicles efforts by @JayeLTee, @masek, and me to alert a Minnesota law firm to lock down their exposed files, some of which were quite sensitive.
Read the post and see how even the state's Bureau of Criminal Apprehension had trouble getting this law firm to respond appropriately.
Great thanks to the Minnesota Bureau of Criminal Apprehension for their help on this one, and to @TonyYarusso and @bkoehn for their efforts.
#dataleak #misconfiguration #incidentresponse #incidentmanagement #responsibledisclosure #securityalert #infosec
-
The Information and Privacy Commissioner of Ontario has completed a review into Daixin Team's massive cyberattack on five regional hospitals in 2023 and found hospital officials acted “adequately.”
Perhaps the most notable aspect of the report (from my perspective) was that the IPC said the hospitals were obligated to notify patients whose data had been encrypted (and not just those whose data had been exfiltrated). They saw no point in requiring that now, but wanted it noted that it should have happened.
So that seems to be making PHIPA's interpretation clearer for future victims of encryption incidents.
The full report makes an interesting read.
PHIPA Decision 284:
https://decisions.ipc.on.ca/ipc-cipvp/phipa/en/item/521986/index.do #PHIPA #notification #incidentmanagement #databreach #ransomware
-
🚨 Cyber threats are evolving fast! 74% of CISOs are increasing their crisis simulation budgets in 2025 to stay ahead. With high-profile breaches on the rise, organizations must test and refine their response strategies.
At RELIANOID, we provide the tools to enhance cyber resilience and ensure businesses are always prepared. 🛡️
#CyberSecurity #CrisisResponse #IncidentManagement #CISO #RELIANOID
https://www.relianoid.com/blog/cisos-are-increasing-crisis-simulation-budgets/
-
Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
#databreach #ransomware #IncidentManagement #disclosure #transparency #healthsec #HIPAA
-
"If you focus too narrowly on preventing the specific details of the last incident, you’ll fail to identify the more general patterns that will enable your future incidents."
Great blog post from @norootcause
-
B.C. health authority faces class-action lawsuit over 2009 data breach
Let's see... they didn't prevent breaches, they didn't detect breaches on their own, and they didn't notify 20,000 employees timely or provide any mitigation services timely or at all.
But can plaintiffs prevail?
#databreach #infosec #cybersecurity #incidentmanagement #litigation
-
Mastering #TelemetryPipelines ensures high #ApplicationPerformance, cost efficiency, and security compliance. Implement best practices and stay ahead in #Observability & #Monitoring. #CloudComputing #DevOps #AI #Cybersecurity #ITGovernance #DigitalTransformation #DataAnalytics #Logging #IncidentManagement
https://medium.com/@sanjay.mohindroo66/how-to-use-telemetry-pipelines-to-maintain-application-performance-9d0972585d81
-
Just blogged: The Opiates of Root Cause and Counterfactual Reasoning
-
At RELIANOID, we help teams move from:
🚨 Chaos (fragmented tools & manual processes)
➡️ Proactive resilience (collaborative, data-driven systems). Break the "doom loop" of incident management. Let's build a culture where incidents = opportunities. 💡
#IncidentManagement #ITResilience #RELIANOID
https://www.relianoid.com/blog/transforming-incident-management-with-relianoids-support-services/
-
Mastering #TelemetryPipelines ensures high #ApplicationPerformance, cost efficiency, and security compliance. Implement best practices and stay ahead in #ITGovernance #DigitalTransformation #DataAnalytics #Logging #IncidentManagement
https://medium.com/@sanjay.mohindroo66/how-to-use-telemetry-pipelines-to-maintain-application-performance-9d0972585d81
-
I am very happy because my DevEx team at work is becoming a lot more official and getting a lot of attention. Which means we may be able to officially make it a real team and the three of us can be 100% on it. So we're creating a new wiki space and top-level jira project and all that.
But sad, too, because I am moving resilience and incident documentation out of SRE and into our space. Because I am more concerned about seeing the work get done than I am about what team should own it.
So I'm satisfied that incident program management fell into DevEx. There are also no other SREs but me (out of like 12) that like dealing with incident management anyway.
My boss said that after what I did with the retro, he is completely comfortable having me oversee the improvement of our incident management.
Seems like I am becoming adept at fixing fucked on-call rotations!
-
(sorry, job posting only in German, but still maybe interesting for some)
SEC Consult is looking for a team lead and incident manager in Germany:
https://sec-consult.com/de/karriere/detail/teamlead-f-m-d-cyber-defense-incident-response/
#getfedihired #jobalert #jobsearch #hiring #dfir #IncidentManagement #teamleiter
-
Lexington School District Four in SC reported that 15,894 residents were affected by the PowerSchool breach. The state reached out to districts on Jan. 8 to tell them what was known at that time.
The district filed this with the state today: https://www.consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/2025/LexingtonSchoolDistrictFour.pdf
It appears to be a copy of what they have sent out to residents as a preliminary notification.
If memory serves, PowerSchool had told districts they would be giving them something for communications by the evening of the 8th. Did they ever do that? Or are the four bullets in the district's notification what #PowerSchool gave districts to use?
-
"The #OpenSource tools that could disrupt the entire #IT #IncidentManagement market"
LOL no! Grafana is great for what it is, but 💯 no to this headline LOL!😂
#Grafana #PagerDuty #AIOps #Observability #O11Y #FOSS #OSS #VictorOps #Splunk #OnCall #XMatters #SRE #DevOps
-
From the Better-Late-Than-Never Department:
"Washington County is preparing to implement a new policy on how to respond to future cybersecurity attacks after a ransomware strike crippled the county government for more than two weeks earlier this year.
County solicitor Gary Sweat is asking the commissioners to consider approving a “business continuity and disaster contingency” plan that would have a protocol for county workers and its IT department to follow in the event of another cyber emergency."
As a reminder, they paid a $350k ransom to the ransomware gang to get the decryptor key.
#databreach #ransomware #govsec #riskassessment #disasterplan #IncidentManagement #cybersecurity
-
OK, a huge thumbs up to Byte Federal for their breach notification letter. They frankly admit where they screwed up and what happened. I wish more notifications were as clear and straightforward as this one.
https://databreaches.net/2024/12/17/a-positive-example-of-forthright-breach-disclosure/
#databreach #transparency #disclosure #IncidentManagement #IncidentReporting #infosec