Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

“If you want to go fast, go alone. If you want to go far, go together.” The adage for teamwork has applied to most modern military operations of the past two decades. The challenge in going together lies in the sensitivity of the information and, at the individual level, determining whose clearance and ‘need to know’ align with yours.

A good way to measure the success and challenges of new technologies is to spend an evening networking with your peers. Sure, a lot of what you take in is anecdotal, but what you are looking for is consistency in the stories being shared and the industries where the stories are occurring. Recently, I had the opportunity to network with a number of my peers. I had one question that I asked consistently: “How are your AI deployments going?”

After decades of innovation in personal technology, ranging from watches that track personal fitness, mini super-computers that we call phones, and a whole host of other gadgets and self-help technologies, our companies still rely on one technology that started over 45 years ago – the laptop. Fun fact: the first one, called the Osborne 1, weighed 24 pounds! The modern laptop has a better screen, longer battery life, and weighs significantly less, but at its core is still a hard drive.

Recent headlines heralded another unfortunate security breach: an employee of the NSW Treasury in Sydney, Australia, illegally downloaded more than 5,600 sensitive government documents, which were later recovered at his home. This was labeled a “significant cyber incident” by the NSW government and had been detected by an internal security monitoring tool that detected “movement of a large cache of documents”.

If you work with the Australian defence sector, DISP membership is no longer optional. The Defence Industry Security Program (DISP) is a baseline requirement for organisations operating in or supplying into Australian Defence. Most companies still treat DISP in defence as a compliance checkbox, but that approach fails. DISP is about reducing real operational risk across the supply chain.

You cannot turn a corner without entering the world of AI. I was in a big box home improvement store the other day and there was a manufacturer touting the AI built into their refrigerator! Children’s toys, personal electronics, and even cat litter boxes are now selling AI-assisted products. I am a technology early adopter, and where I’ve seen good uses of AI, we are in the phase of “throw AI into everything” mode, as we do not know what will stick.

The LA Times recently reported on a suspected breach involving a public sector legal office and a third-party tool used to transfer discovery materials. According to the report, the exposed data included a large volume of highly sensitive records, including witness information, medical data, unredacted legal documents, personnel records, and investigative materials. Without getting ahead of the facts, there is a pretty straightforward lesson here. Sensitive data rarely stays in one place.

The Family Educational Rights and Privacy Act (FERPA) has governed how universities handle student records since 1974. Fundamentally, FERPA is a federal privacy law that grants students the ability to exert some meaningful authority over their academic information. At the same time, it also assigns responsibility for the maintenance and safeguarding of student education records to the universities that maintain them.

Organizations today face a common challenge: sensitive data is everywhere. It lives across collaboration platforms, endpoints, databases, SaaS applications, and cloud storage systems. Employees and partners need to access and share information quickly, often across teams, organizations, and even countries. At the same time, regulatory requirements, security mandates, and privacy obligations demand stronger protection for sensitive data.

As organizations increasingly rely on Microsoft Teams for internal and external collaboration, the platform’s chat and file-sharing capabilities have become central to daily operations. However, speed and flexibility come with risk. User-managed collaboration tools can create challenges in maintaining control over data access and enforcing compliance with organizational sharing and usage policies.