Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recent headlines heralded another unfortunate security breach: an employee of the NSW Treasury in Sydney, Australia, illegally downloaded more than 5,600 sensitive government documents, which were later recovered at his home. This was labeled a “significant cyber incident” by the NSW government and had been detected by an internal security monitoring tool that detected “movement of a large cache of documents”.

If you work with the Australian defence sector, DISP membership is no longer optional. The Defence Industry Security Program (DISP) is a baseline requirement for organisations operating in or supplying into Australian Defence. Most companies still treat DISP in defence as a compliance checkbox, but that approach fails. DISP is about reducing real operational risk across the supply chain.

You cannot turn a corner without entering the world of AI. I was in a big box home improvement store the other day and there was a manufacturer touting the AI built into their refrigerator! Children’s toys, personal electronics, and even cat litter boxes are now selling AI-assisted products. I am a technology early adopter, and where I’ve seen good uses of AI, we are in the phase of “throw AI into everything” mode, as we do not know what will stick.

The LA Times recently reported on a suspected breach involving a public sector legal office and a third-party tool used to transfer discovery materials. According to the report, the exposed data included a large volume of highly sensitive records, including witness information, medical data, unredacted legal documents, personnel records, and investigative materials. Without getting ahead of the facts, there is a pretty straightforward lesson here. Sensitive data rarely stays in one place.

The Family Educational Rights and Privacy Act (FERPA) has governed how universities handle student records since 1974. Fundamentally, FERPA is a federal privacy law that grants students the ability to exert some meaningful authority over their academic information. At the same time, it also assigns responsibility for the maintenance and safeguarding of student education records to the universities that maintain them.

Organizations today face a common challenge: sensitive data is everywhere. It lives across collaboration platforms, endpoints, databases, SaaS applications, and cloud storage systems. Employees and partners need to access and share information quickly, often across teams, organizations, and even countries. At the same time, regulatory requirements, security mandates, and privacy obligations demand stronger protection for sensitive data.

As organizations increasingly rely on Microsoft Teams for internal and external collaboration, the platform’s chat and file-sharing capabilities have become central to daily operations. However, speed and flexibility come with risk. User-managed collaboration tools can create challenges in maintaining control over data access and enforcing compliance with organizational sharing and usage policies.

Microsoft SharePoint has a mature, well-structured security model. It gives organizations control over who can access sites, libraries, and documents, and for most day-to-day needs, it works well. But there is a fundamental limitation built into how SharePoint security works: it controls access based on role, not on the sensitivity of the content itself.

In 2025, universities in the United States and Australia found themselves squarely in the crosshairs of persistent and evolving cyber threats. Higher education institutions manage highly sensitive personal information, financial details, healthcare records, and research data, making them prime targets for sophisticated attackers, ransomware gangs, and even hacktivists. As cybercrime escalates globally, the education sector is facing some of its most disruptive and consequential breaches in years.

As Winter Storm Fern made its way across the US this weekend, children across the country were glued to phones, computers, or televisions as they tried to guess how long they would be out of school this week. Little do they know, however, the data, science, and lack thereof, that goes into that decision. School closures are the very public end of a complex and fast-changing dataset that is highly dependent on locality and can be wildly different on either side of a district line.