Intercast June 2025 – Defining Data Governance

Welcome to the June 2025 edition of Intercast’s monthly newsletter for cybersecurity professionals. As always, we’ll share the latest news and views to bring you up to speed.

In This Issue:

  • Client Insight: Defining Data Governance
  • Banks Want SEC To Water Down Breach Report Rules
  • Quantum Encryption-Breaking May Come Sooner Than Thought
  • The Military Vets-Cybersecurity Connection
  • Microsoft Makes Baby Steps Towards Windows 10 Backtrack
  • Best Of The Rest

Client Insight: Defining Data Governance

Each month we ask our clients what’s on their mind to help us get a broader perspective on the industry. This month we’ve come across a thought-provoking idea from data advisor Merill Albert writing in Chief Data Officer Magazine. She asked a simple question of her online followers: Can you describe data governance in one word?

The responses fit into several clear categories such as oversight and accountability, with a few wild card entries including specific product names and a telling choice of simply “disaster”. Albert says all of these are valid, but she thinks it ultimately comes down to “people”, a reminder that humans are always behind processes and technology.

We’d love to hear your verdict on this fascinating question.


Banks Want SEC To Water Down Breach Report Rules

Major banking groups want the Securities and Exchange Commission to change rules requiring a public disclosure of cybersecurity breaches within four days of discovery. They say their fears about unintended consequences have been justified.

The “Cybersecurity Risk Management Rule” has now been in effect for around 18 months and affects publicly traded companies. It means they must report significant breaches in a formal filing known as Form 8-K, designed to keep stockholders and potential investors informed. That’s the same method used for reporting major events such as bankruptcy or a CEO’s departure.

Now five US banking groups have written to the SEC saying they’ve been proven right in their fears that the tight deadline could interfere with law enforcement and hurt confidentiality. They argue that reporting so quickly means disclosures haven’t given investors “meaningful or actionable information”.

They also say the rules hand more power to ransomware gangs because victims feel pressured to pay up to restore file access when they face a pressing deadline to go public about the breach.


Quantum Encryption-Breaking May Come Sooner Than Thought

Researchers have suggested quantum computers could require 20 times less power than thought to break 2048-bit RSA. It’s a trade-off of speed vs power but could make such a method practically feasible earlier than expected.

The research by a Google-led team built on previous estimates that 2048-bit RSA could be broken in eight hours by a quantum computer with a 20 million qubit processor. Such a machine is still likely a decade away, but that didn’t stop the researchers looking at hypotheticals.

They explored ways to crack the encryption more slowly but with less power, using improved error correction. They calculate a 1-million qubit processor could perform the task in around one week. That’s actually almost exactly the same speed-to-power ratio and does assume a hypothetical attacker has a week to complete the task, but it makes a big long-term difference.

While there’s no way to be certain how quickly quantum computing power will improve, there’s a good chance a 1-million qubit processor is with us several years earlier than a 20-million qubit version. It’s another reminder that quantum encryption-breaking may be years away, but planning for that day should be on the agenda now.


The Military Vets-Cybersecurity Connection

The BBC has a fascinating article on why so many former military personnel wind up working in cybersecurity. It quotes a charity which has a dedicated program for getting veterans into tech jobs, with around half going into security.

Those who’ve made the transition say the two worlds have many similarities including the need to prepare before problems arise but then be able to cope with the unexpected when a threat becomes real. Veterans are particularly in demand for “blue team” exercises, playing a defensive role in breach simulations against “red team” attackers.

Another benefit is the breadth of skills that military staff acquire. For example, those who’ve learned foreign languages such as Arabic during their service have a marketable advantage when applying for specialist roles.


Microsoft Makes Baby Steps Towards Windows 10 Backtrack

Microsoft is still insisting it will end free security support for Windows 10 in October, but it’s given the tiniest glimmer of hope to those wanting a full U-turn.

Officially there’s still no change to the end-of-life schedule for Windows 10: from 14 October there’ll be no more free updates or security patches. Businesses will be able to pay for extended security support for three years (the price roughly doubling each year) while consumers can pay $30 for one extra year of patches, with no promises beyond that.

However, Microsoft has now confirmed a policy change that means Microsoft 365 subscribers running Windows 10 will get updates to the Office apps until 2028. That’s a big deal given Office documents are arguably one of the two most attractive routes for attackers alongside the web browser.

It’s also another piece of evidence for those convinced Microsoft will conclude that, with recent surveys finding more than half of Windows PCs running Windows 10, it’s just too risky to pull the plug and leave such a huge target for attackers.


Best Of The Rest

Here’s our roundup of what else you need to know: