Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation or need any advice related to cyber security answered anonymously and on the podcast, email us at [email protected]. This week's question is:"I made a mistake that I'm still losing sleep over. We got an alert that looked like routine noise, a similar pattern to false positives we'd been seeing all week from a dodgy update. I triaged it as low priority and moved on to the mountain of other tickets in the queue. Turns out, it wasn't noise. It was the early stage of a ransomware attack. Luckily, our endpoint protection caught it before it spread too far, and we contained it within a few hours. No data loss, no ransom paid, minimal disruption. Management have been great about it. They said everyone makes mistakes, praised the team for the quick response, and moved on. But here's my problem: I haven't told anyone the full truth. In my incident report, I said I "initially assessed it as lower priority given the alert volume" but I didn't say I completely dismissed it. I didn't mention that I didn't even do the basic checks I should have. My team lead thinks I just deprioritised it slightly, not that I basically ignored it. Everyone's moved on, but I feel like a fraud. Do I come clean now and risk looking worse for the cover-up, or do I just learn from this privately and be better going forward? I'm terrified that if I'm honest now, I'll lose my job or destroy the trust I've built. But I also can't shake the feeling that I'm not the person my colleagues think I am."Don't forget to like and subscribe to our podcast to be ready and waiting for the next episode.#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec