I came back from a holiday in Italy with a case of pneumonia recently, which means I had some spare time on my hands. If you know me at all, you know that spare time is the very last thing I should ever have, so I started fishing around for something to do.
I had been talking to some peers about security issues recently, and that got me running down a rabbit hole about cybersecurity breaches in Australia. More specifically, the terrible state of security practices within Australian businesses and the complete absence of accountability imposed by the industry and government bodies.
Things that stood out immediately were:
- The government doesn’t maintain a list of known security breaches. Even for those breaches reported to the OAIC.
- Reporting on security breaches is terrible. As with most reporting, it is focused on getting views, with content being a secondary consideration.
- Corporate security is appallingly bad. Which isn’t news to anyone who has worked in IT for more than ten minutes. What is interesting is that nobody talks about it. There is a lot of bullshit in the IT industry, and security is a large part of the steaming pile.
So this looked like an interesting space to make a dent in, and here we are.
My goals in order of importance are:
- Create a comprehensive list of known cybersecurity breaches in the Australian region
- Have an honest conversation about why we keep seeing a stream of cybersecurity incidents
- Compile a list of relevant government and industry bodies
Fear of unemployment is a great way to make people shut the fuck up.
Every industry has its dirty little secrets. Some of those secrets are not even particularly secret. They are just things that nobody talks about because it’s bad for business, either for your company or for your career.
I understand the technology, industry and business drivers related to cybersecurity while having no reliance on any of it for income. That leaves me relatively free to speak openly about the things others can’t.