I was listening to podcasts about the Home Depot breach, and something occurred to me.
Home Depot isn’t talking much about the breach. And it’s driving security pros nuts.
But the general public takes silence as a sign that everything’s going great. So their silence is winning the PR battle in the court that matters, which is public opinion at large.
As a security pro, I want my colleagues at Home Depot to share, so we can all learn. We need to know what went wrong so we’re careful not to make the same mistakes. But a security pro has an obligation to protect the business. And not talking to anyone, stonewalling the media and the industry, if you will, seems to be working perfectly well for them.
As a journalist turned security pro, I find it interesting to watch this unfold. Slowly. It turns out I may be learning from the silence after all. That goes against my intuition because, generally speaking, it’s the side who talks to the press most freely who controls the story. So I’m very interested to see if Home Depot doing all the wrong things ends up being right. At this point, it looks that way.