
bletchleypark.org.uk on the list
Oh dear, how standards have slipped!
Thousands of email addresses included in the Belsen Group's dump of FortiGate configs last week are now available online, revealing which organizations may have been impacted by the 2022 zero-day exploits. Infosec expert Kevin Beaumont uploaded the IP and email addresses associated with the leaked FortiGate configs to GitHub, …
"We continue to strongly recommend that organizations take the recommended actions, if they have not already, to improve their security posture."
Great victim blaming.
Here's a thought.
If YOU hadn't fucked up, they shouldn't have to worry as much.
Here's an idea, offer free support to those companies you failed, in order to counteract your incompetence, after all, you are supposed to be the security company, not them.
Since the numbers consistently show that of organisations that have ALREADY been compromised less than 20% of them actually improve their security spend or increase staff training etc....
I can't really see anyone taking this too seriously and it's a good bet that 80% of those credentials are still in place.
2 things need to happen... software / hardware vendors need to become legally liable for bugs. The whole "all software has bugs" tech industry crap is mental... no one else would get away with it.
Board level needs to be legally liable. There's too much kicking the can down the road. CEOs who are basically just hoping that if nothing breaks in the 2-3 years they are there, the outsourcing & offshoring won't come back to bite them before they get their millions and leave. Make the BOARD liable, regardless of whether it was a vendor or MSP or consultancy... no more "shifting risk".
Watch IT wages & staffing numbers go up & non-IT staff training improve too.