Phew, what a scorcher...

We started the month at The Stack looking at a security incident in the telecommunications space. Vodafone had warned that a supplier breach had "potential scope to impact the entire telco industry". We confirmed that 235 other companies were affected and revealed that the global supplier in question only realised the extent of its five-year compromise after a customer reported malicious activity. Details below. Off-the-record discussions with telco security specialists revealed two common themes: 1) The incident was significantly worse than anything made public, with several wondering aloud if those affected had properly disclosed the breach to regulators and 2) The SS7 protocol used to underpin roaming services remains an egregious security risk for all...

Many CIOs out there are tightening their belts as the economic outlook bites. We've always found looking upstream at the semiconductor world a useful way of gauging the shape of things to come: companies with the kind of capex commitments chip firms have tend to spend a lot of time on future-parsing. Memory firm Micron's earnings are a good case in point. The NAND and DRAM specialist has slashed its outlook for the second half of 2022 -- saying it now expects to see 130 million fewer smartphones and 30 million fewer PCs shipped. Cloud spending remains high, but OEM server companies are still struggling to get components and Micron is trimming capex as a result -- even as it starts shipping new DDR5 memory.

The NCSC and ICO have warned companies to stop paying out when hit by ransomware. For those to whom downtime results in catastrophic revenue-bleed and loss of customer confidence, we understand the pressure to get back online as soon as possible -- as do the authorities. Is criminalisation of ransom payments on the horizon? Despite what looks like a guarded threat, it seems unlikely and, as Orange's Charl van der Walt tells us, it would likely trigger "perverse incentives"...

Much more is available on our homepage. We'd also like to take a moment to thank all the attendees of our recent dining club, sponsored by Element -- 15 of us including CISOs, enterprise architects and business leaders gathered at Somerset House to tackle cyber resilience, skills and CISO challenges. We'll be sharing some photos on LinkedIn soon -- always great to see such broad smiles everywhere and the continuation of our uniquely relaxed and informal ambience at these events.

Coming up in The Stack meanwhile: An interview with a leading CIO at one of the world's biggest packaging firms. We'll be talking leadership, sustainability, innovation and the particular promises and perils that come with working for private equity-owned companies -- a pet passion of this particular CIO.

At several recent dining clubs we've hosted meanwhile, a theme has been retraining staff -- including reallocating developer or even HR resource to cybersecurity. In coming weeks we'll be talking to a veterinarian who retrained as a Blue Team member and several others, as well as a CISO for whom rethinking how security is staffed is an ongoing priority. Expect useful tips and hard-won lessons from above and below. Want to contribute in some way? Get in touch.

Finally, an apology. This edition of our Command Line newsletter has taken a little longer than we had hoped to ship. In a spirit of transparency, we'll blame LinkedIn -- which has released its newsletter product beta with some bugs that made it impossible for us to publish. These have been confirmed by LinkedIn and escalated (they appear to relate to issues with the .technology TLD; we're working on getting the .com!) and we have used a workaround in the meantime. Thanks again.

Ed.
