Engaging assessment:

When cyber events transpire, victims ought to be informed promptly to allow them the chance to evaluate and address any damage. Nevertheless, delivering notifications has been a challenge throughout the sector.

In the process of issuing notifications, companies frequently lack knowledge of the actual identities of victims and may only possess a single email address through which to send the notification. Victims often harbor skepticism towards these alerts, as cyber wrongdoers frequently utilize the guise of an account breach as a phishing bait.

[…]

This document investigates the hurdles linked to establishing the native-notification concept and outlines a strategy for navigating them. Additionally, it looks into other prospects for minor adjustments that could both enhance the likelihood of victims receiving and trusting notifications while also gaining access to support resources.

The document wraps up with three primary suggestions for cloud service providers (CSPs) and various stakeholders:

1. Enhance current notification procedures and create best practices for the industry.
2. Promote the establishment of “middleware” essential for sharing notifications with victims discreetly, securely, and across various platforms including via native notifications.
3. Augment support for victims following the notification.

Although additional efforts are necessary to refine and assess the CSRB’s proposed native notification capability, significant strides can be achieved by adopting improved notification and support methods by cloud service providers and other stakeholders in the short term.