Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recent headlines heralded another unfortunate security breach: an employee of the NSW Treasury in Sydney, Australia, illegally downloaded more than 5,600 sensitive government documents, which were later recovered at his home. This was labeled a “significant cyber incident” by the NSW government and had been detected by an internal security monitoring tool that detected “movement of a large cache of documents”.

If you work with the Australian defence sector, DISP membership is no longer optional. The Defence Industry Security Program (DISP) is a baseline requirement for organisations operating in or supplying into Australian Defence. Most companies still treat DISP in defence as a compliance checkbox, but that approach fails. DISP is about reducing real operational risk across the supply chain.

You cannot turn a corner without entering the world of AI. I was in a big box home improvement store the other day and there was a manufacturer touting the AI built into their refrigerator! Children’s toys, personal electronics, and even cat litter boxes are now selling AI-assisted products. I am a technology early adopter, and where I’ve seen good uses of AI, we are in the phase of “throw AI into everything” mode, as we do not know what will stick.

The LA Times recently reported on a suspected breach involving a public sector legal office and a third-party tool used to transfer discovery materials. According to the report, the exposed data included a large volume of highly sensitive records, including witness information, medical data, unredacted legal documents, personnel records, and investigative materials. Without getting ahead of the facts, there is a pretty straightforward lesson here. Sensitive data rarely stays in one place.