Search results for: "patch management"
Pointers on Preventing Ransomware
Among the many interesting discussions I heard at the Institute of Internal Auditors’ global conference this week, one particularly compelling session was about ransomware: how attackers try to foist it upon companies, and the internal controls you could implement to keep such attacks at bay. Since ransomware risk is going nowhere but up these days,…
Cybersecurity Risk: Something’s Happening
I was working at my desk last week when the phone rang. At the other end of the line was my friend the cybersecurity auditor. “Dude, we have to talk,” he said. “Our team here has discovered an issue.” Ummm, a lot of people in our line of work have issues, I replied. Can you…
Bulletin on Russia Cyber Threat
The United States’ top cybersecurity regulator published a special bulletin this week listing numerous measures companies should implement immediately to ward off possible attacks from Russia during its Ukraine invasion. CISA, the Cybersecurity Infrastructure and Security Agency, issued the bulletin on Tuesday in conjunction with the Department of Homeland Security. Both agencies stressed that they…
Cybersecurity Struggles in the Defense Sector
Today in news that should surprise nobody: a new analysis of defense contractors finds that many are still struggling to understand their current cybersecurity posture, and to implement the controls that will keep the firms in compliance with the U.S. government’s heightened cybersecurity expectations. The report comes from CyberSaint, which sells software to help businesses…
SEC Schools Pearson on Cyber Disclosure Failures
We have yet another reminder from the Securities and Exchange Commission today about the importance of full and accurate disclosure of cybersecurity breaches, this time in the form of a $1 million fine against education publisher Pearson for making misleading statements about a breach the company suffered in 2018. Pearson is a British company that…
Another Example for SOX & Cybersecurity
From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case. The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…
More on Cybersecurity, Compliance Risk
We have another report on cybersecurity threats this week, one that demonstrates just how difficult it is for large organizations to address this risk effectively — because while the vulnerabilities themselves are squarely a CISO’s concern, the damage they can cause is very much a regulatory compliance problem. The report comes from Onapsis, a cybersecurity…
A Hair-Raising Ransomware Story
Anyone interested in a sobering example of cybersecurity risk management and disaster recovery planning gone wrong? Because we have a doozie, courtesy of Washington’s top cybersecurity preparedness agency. CISA, the Cybersecurity & Infrastructure Security Agency, released a bulletin last Friday warning corporate organizations about the threat of ransomware. The bulletin wasn’t much (two pages long)…
Another Cybersecurity Threat to Compliance
Today we circle back to enterprise cybersecurity and its role in effective corporate compliance. Why? Because researchers recently discovered a vulnerability in SAP software that lets attackers infiltrate your IT systems to steal personal data, alter financial transactions, or otherwise cause all sorts of mischief that would saddle your business with huge compliance concerns. The…
On Internal Control and Mr. Potato Head
Here’s one way to convey the importance of software patch management: a bunch of Canadian Tire retail stores had to close last week because “a downloading error” caused all purchases to be scanned at the checkout register as Mr. Potato Head. The Toronto Star dug up this story last week. Five Canadian Tire stores in…