Posts Tagged ‘cybersecurity’
Thoughts on AI From the Audit Perspective
The other week I had a post about the risk management challenges corporations will face as they integrate artificial intelligence into business operations. Several days later, my friend the Cybersecurity Auditor called me. “Dude,” he said, “I have many issues with AI and I think we’re missing another important point here.” OK, I replied, and…
Read MoreCybersecurity Struggles in the Defense Sector
Today in news that should surprise nobody: a new analysis of defense contractors finds that many are still struggling to understand their current cybersecurity posture, and to implement the controls that will keep the firms in compliance with the U.S. government’s heightened cybersecurity expectations. The report comes from CyberSaint, which sells software to help businesses…
Read MoreAnother Cyber Disclosure Example!
Well this is a splendid bit of good timing: two days after we wrote about poor disclosure of a cybersecurity breach at one large company, another large company has suffered a breach of its own and given us a very different example of how to handle your disclosure duties. The latest victim is T-Mobile, which…
Read MoreSEC Schools Pearson on Cyber Disclosure Failures
We have yet another reminder from the Securities and Exchange Commission today about the importance of full and accurate disclosure of cybersecurity breaches, this time in the form of a $1 million fine against education publisher Pearson for making misleading statements about a breach the company suffered in 2018. Pearson is a British company that…
Read MoreExample of Cybersecurity Disclosure Failures
The Securities and Exchange Commission has fined a New York title insurance company $488,000 for failing to disclose cybersecurity problems to investors in a timely manner, in yet another example of how cybersecurity risks can spawn a secondary wave of compliance risks too. The company in question is First American Financial Corp., parent company of…
Read MoreThe Shifting Calculus on Cybersecurity
So there I was the other day, talking to one of the many tech vendors in this field, when our conversation turned to a perpetually puzzling question: Why is the relationship between compliance and cybersecurity so difficult to get right? After all, my acquaintance and I lamented, cybersecurity has been one of the top corporate…
Read MoreAnother Look at Cybersecurity Shortcomings
The other week the Biden Administration issued an executive order to improve cybersecurity across the federal government. Now we have a peek at just how bad numerous government agencies are at the task — and what steps they’re likely to take to improve the situation, which could affect government contractors providing IT services. Said peek…
Read MoreParsing Biden’s Cybersecurity Order
Earlier this week the Biden Administration issued an executive order to strengthen the federal government’s cybersecurity and oversight of the larger “software supply chain” that involves government contractors. IT auditors, risk managers, privacy officers, and related compliance professionals should prepare now for what’s coming soon. The order is most immediately a response to that ransomware…
Read MoreA Suspicious Activity, Cybersecurity Mess
A broker-dealer firm in Colorado has agreed to pay $1.5 million to settle charges with the SEC that the firm failed to file suspicious activity reports about cybersecurity thieves trying to take over customers’ accounts. It’s a sobering example of how weak cybersecurity controls can spill over into regulatory compliance trouble. The firm in question…
Read MoreAnother Example for SOX & Cybersecurity
From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case. The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…
Read More