Posts Tagged ‘cybersecurity’
Justice Dept. Talks AI Concerns
The Justice Department wants companies tinkering with artificial intelligence to be more open-minded about testing their AI systems and products for vulnerabilities, and specifically wants them to adopt a “vulnerability disclosure program” much the same way tech companies already disclose software bugs. So says Nicole Argentieri, head of the Criminal Division, who delivered a speech…
More Lessons on Cyber Control Failures
We have another glimpse into modern cybersecurity threats and the control weaknesses that allow those threats to happen, courtesy of an enforcement action against a financial services firm that twice was duped by hackers into selling their customers’ assets. The financial services firm is Equiniti Trust Co., a registered transfer agent — that is, a…
Last Week’s Cybersecurity Disasters
There are decades when nothing happens, and weeks when decades happen. Last week was definitely one of those latter periods for CISOs, internal auditors, compliance officers, and anyone else charged with worrying about cybersecurity. Just consider what happened last week: On Tuesday, UnitedHealth reported spending nearly $1 billion on recovery costs from a ransomware attack…
UnitedHealth’s Big Cyber Compliance Mess
UnitedHealth filed its latest quarterly earnings report today, complete with an update on the staggering costs of a ransomware attack the healthcare giant suffered earlier this year — and if anyone needs a fresh example of how cyber attacks can tie your company into compliance knots, pull up a chair. The attack itself happened in…
Internal Accounting Controls and Cyber Risk
Today I want to return to that recent enforcement action against RR Donnelley, where the Securities and Exchange Commission cited faulty internal accounting controls at Donnelley as grounds to impose a $2.1 million sanction over the company’s poor handling of a cybersecurity incident. What are internal control professionals supposed to make of an enforcement action…
SEC Advice on Ransomware Disclosure
The Securities and Exchange Commission has published fresh advice about when companies need to disclose a ransomware incident to investors, warning that companies will need to perform materiality assessments and be prepared to disclose the attack even if the attack is small and the company returns to normal operations quickly. The agency released five compliance…
Example of Cyber Disclosure Challenges
Radical Compliance is back from vacation, and what better way to catch up on current compliance issues than an enforcement action over poor cybersecurity? Lucky for us, the Securities and Exchange Commission served up a fresh case just last week on exactly that headache. The case involves R.R. Donnelley, provider of business marketing services to…
NYSE Parent Fined $10M Over Breach Failure
The parent company of the New York Stock Exchange has agreed to pay $10 million for failing to promptly alert the Securities and Exchange Commission about a cybersecurity breach the company suffered in 2021. Take note, all you public companies still uncertain about how and when to disclose breaches of your own. The SEC announced…
More Tips on Good Data Protection
Another week, another enforcement action from the Federal Trade Commission giving us a glimpse into what modern data protection programs should look like. This time the company in question is a telecommunications company that flubbed basic data protection protocols and then suffered a breach; and as usual, the FTC gives compliance, privacy, and IT security…
Cyber, AML Lessons From a Crypto Flop
New York financial regulators have served up another case study in poor cybersecurity, transaction monitoring, and anti-money laundering compliance, courtesy of an enforcement action against a bankrupt cryptocurrency platform found to be deficient in all three. The state’s Department of Financial Services announced the sanction against Genesis Global Trading last Friday, fining the company $8…