Thoughts on AI From the Audit Perspective

AI

The other week I had a post about the risk management challenges corporations will face as they integrate artificial intelligence into business operations. Several days later, my friend the Cybersecurity Auditor called me. “Dude,” he said, “I have many issues with AI and I think we’re missing another important point here.” OK, I replied, and…

Cybersecurity Struggles in the Defense Sector

cybersecurity

Today in news that should surprise nobody: a new analysis of defense contractors finds that many are still struggling to understand their current cybersecurity posture, and to implement the controls that will keep the firms in compliance with the U.S. government’s heightened cybersecurity expectations. The report comes from CyberSaint, which sells software to help businesses…

Another Cyber Disclosure Example!

disclosure

Well this is a splendid bit of good timing: two days after we wrote about poor disclosure of a cybersecurity breach at one large company, another large company has suffered a breach of its own and given us a very different example of how to handle your disclosure duties. The latest victim is T-Mobile, which…

SEC Schools Pearson on Cyber Disclosure Failures

Pearson

We have yet another reminder from the Securities and Exchange Commission today about the importance of full and accurate disclosure of cybersecurity breaches, this time in the form of a $1 million fine against education publisher Pearson for making misleading statements about a breach the company suffered in 2018. Pearson is a British company that…

Example of Cybersecurity Disclosure Failures

First American

The Securities and Exchange Commission has fined a New York title insurance company $488,000 for failing to disclose cybersecurity problems to investors in a timely manner, in yet another example of how cybersecurity risks can spawn a secondary wave of compliance risks too. The company in question is First American Financial Corp., parent company of…

The Shifting Calculus on Cybersecurity

cybersecurity

So there I was the other day, talking to one of the many tech vendors in this field, when our conversation turned to a perpetually puzzling question: Why is the relationship between compliance and cybersecurity so difficult to get right?  After all, my acquaintance and I lamented, cybersecurity has been one of the top corporate…

Another Look at Cybersecurity Shortcomings

cybersecurity

The other week the Biden Administration issued an executive order to improve cybersecurity across the federal government. Now we have a peek at just how bad numerous government agencies are at the task — and what steps they’re likely to take to improve the situation, which could affect government contractors providing IT services. Said peek…

Parsing Biden’s Cybersecurity Order

cybersecurity

Earlier this week the Biden Administration issued an executive order to strengthen the federal government’s cybersecurity and oversight of the larger “software supply chain” that involves government contractors. IT auditors, risk managers, privacy officers, and related compliance professionals should prepare now for what’s coming soon. The order is most immediately a response to that ransomware…

A Suspicious Activity, Cybersecurity Mess

cybersecurity

A broker-dealer firm in Colorado has agreed to pay $1.5 million to settle charges with the SEC that the firm failed to file suspicious activity reports about cybersecurity thieves trying to take over customers’ accounts. It’s a sobering example of how weak cybersecurity controls can spill over into regulatory compliance trouble.  The firm in question…

Another Example for SOX & Cybersecurity

cybersecurity

From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case.  The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…
