Posts Tagged ‘cybersecurity’
The Cracks in Third-Party Risk Management
Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…
More on Cybersecurity, Compliance Risk
We have another report on cybersecurity threats this week, one that demonstrates just how difficult it is for large organizations to address this risk effectively — because while the vulnerabilities themselves are squarely a CISO’s concern, the damage they can cause is very much a regulatory compliance problem. The report comes from Onapsis, a cybersecurity…
When Cybersecurity and IT Risk Converge
The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach. I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…
Thoughts on IT Risk Management
Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…
A Hair-Raising Ransomware Story
Anyone interested in a sobering example of cybersecurity risk management and disaster recovery planning gone wrong? Because we have a doozie, courtesy of Washington’s top cybersecurity preparedness agency. CISA, the Cybersecurity & Infrastructure Security Agency, released a bulletin last Friday warning corporate organizations about the threat of ransomware. The bulletin wasn’t much (two pages long)…
Zoom and FTC Enforcement to Come
A few weeks ago the Federal Trade Commission took an enforcement action against Zoom Technologies for misleading statements Zoom made about the security of its videoconferencing services. The case wasn’t too exciting except for a dissenting statement from one of the Democratic FTC commissioners — which read like a foreshadowing of cybersecurity enforcement in the…
Another Cybersecurity Threat to Compliance
Today we circle back to enterprise cybersecurity and its role in effective corporate compliance. Why? Because researchers recently discovered a vulnerability in SAP software that lets attackers infiltrate your IT systems to steal personal data, alter financial transactions, or otherwise cause all sorts of mischief that would saddle your business with huge compliance concerns. The…
On Internal Control and Mr. Potato Head
Here’s one way to convey the importance of software patch management: a bunch of Canadian Tire retail stores had to close last week because “a downloading error” caused all purchases to be scanned at the checkout register as Mr. Potato Head. The Toronto Star dug up this story last week. Five Canadian Tire stores in…
A Security Threat That Evades Internal Control
Well, this is sobering stuff for internal auditors and SOX compliance professionals: a cybersecurity firm is raising alarms about flaws in the Oracle business software that countless companies use to manage their finances, which let hackers steal or alter financial data — all undetectable by standard internal controls or GRC technology. Be warned, this is…
Fresh SEC Tips on Cybersecurity
The Securities and Exchange Commission released fresh advice on Monday about cybersecurity risk, on everything from oversight of cybersecurity risk to nitty-gritty practices around access controls, vendor management, operational resiliency, and more. Compliance, security, and risk professionals will want to give this a read. The advice comes in the form of a 13-page bulletin published…