- Identity Jedi Newsletter
- Posts
- The 27th Edition of the Identity Jedi Newsletter
The 27th Edition of the Identity Jedi Newsletter
Got 99 Problems but a breach ain't...wait hold on...
David Lee
March 15, 2023
Wednesday 2/1/23 - Identity Jedi Newsletter - Subscribe
Hey Jedi welcome to the 27th edition of the Identity Jedi Newsletter!
Wow. What a week ( or really weekend) we had huh? I'm sorry if any of you were affected by the SVB news the past couple of days. If there is anything I can do to help, don’t hesitate to reach out. I’ll jump more into this topic later on, but it’s times like this we remember how delicate ( despite all its complexities) our financial system is.
We are just about halfway through the month, and we are on record pace for subscribers! I guess you really like the content huh?! Well, let’s keep this train rolling! Hit the link below to share and you can check out all the free stuff here
Let’s Get to the Good Stuff!
Holy There Goes My Data again Batman
Wait, another breach!?
Seriously, you’re just trolling us now, right?
SVB March Madness
Holy, There Goes My Data again, Batman!
The personal information of current and former US House members and staff has been compromised in a data breach currently under investigation by the FBI. The breach occurred due to an attack on DC Health Link, the third-party vendor that administers the health care plans of U.S. House members, their staff, and their families. The vendor's email system was exploited, and the attackers could access sensitive information, including names, social security numbers, and dates of birth. The House Sergeant at Arms released a statement acknowledging the breach and outlining steps to secure the network and protect affected individuals. The investigation is ongoing, and who is responsible for the breach is unclear.
Wait, another Breach?
Acer, the popular multinational computer hardware and electronics company, has confirmed a data breach after a hacker claimed to have stolen company information and offered to sell it online. The hacker claimed to have accessed Acer's network and stolen financial data and other sensitive information, which is reported to be a total of 160GB of information. The company acknowledged the breach in a statement and said that they had notified the relevant authorities. According to reports, the hacker attempted to sell the stolen data for an unspecified amount of cryptocurrency.
Seriously, you’re just trolling us now, right?
AT&T has confirmed that a data breach exposed the personal information of 9 million of its wireless customers. The breach was caused by a vendor's security incident but did not affect sensitive data such as customers' names, Social Security numbers, or driver's license numbers. Instead, the cyberattack allowed unauthorized access to information used to determine eligibility. The company has not disclosed the vendor's identity, nor has it stated the current state of the relationship it has with the firm. AT&T has also promised to hold those responsible for the breach accountable and to improve its security measures to prevent similar incidents from happening in the future. Yeah, of course they will.
Events
RSA Conference
April 24th - 27th, Moscone Center San Francisco
Hit the registration site here, and put in the code:3U3SPKRFFCD.
Product Spotlight
Entitle.IO
Entitle, a cloud-based permissions management startup launched its SaaS-based application to automate access requests and solve "entitlement sprawl". It employs a self-service request model and a decentralized approval approach to allow for better context for decision-making and more informed authorization. A growing trend in the IAM space in that we finally realized that access requests and provisioning just need to be automated.
The Last Word
Clearly, we don’t care about protecting customers’ data. We don’t care about standard cybersecurity principles, and we aren’t going to take the time to do anything about them. I mean, we’ll put out press releases and ChatGPT written statements that talk about how we’ll do better and upgrade our security tools and practices and then offer 1 year of identity theft protection, but that’s about it. Because if we gave a shit, we wouldn’t see the same freaking breaches over and over and over and over and over again.
Yeah, that’s like four overs. Overkill? Maybe that last part.
How many times have we screamed from the rooftops about third-party breaches? How often have we told organizations to remove stale access, use MFA, stop using PASSWORD as your password?
At this point, it all sounds cliche. And the marketing teams will be swift to come up with a copy stating how their product would have 100% helped you prevent that breach. ( This is no shade to marketing teams, I love you!).
THE ONLY WAY THIS STOPS IS THAT WE HAVE TO TRY SOMETHING DIFFERENT!
It’s on all of us. Not just the organizations, although they have blame in this too. But as practitioners, we must build compelling arguments that matter to the business to show them it’s worth the investment. As vendors, we have to build products THAT ACTUALLY FUCKING HELP PREVENT THIS FROM HAPPENING. Not just vaporware or products that kinda help after 2 million dollars in professional services and three years later.
It’s time for a revolution my friends.
And this one will be televised
Be Good to /each other, Be Kind to each other, Love each other
-Identity Jedi
The JEDI COUNCIL
SVB Madness
The dumbest quote I read about the whole SVB situation was as follows:
“I mean, this bank, they’re so concerned with DEI and politics and all kinds of stuff. I think that really diverted from them focusing on their core mission”
Subscribe to Identity Jedi Newsletter to read the rest.
Become a paying subscriber of Identity Jedi Newsletter to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In
Join the conversation