Posts Tagged ‘cybersecurity’
Example of Cybersecurity Disclosure Failures
The Securities and Exchange Commission has fined a New York title insurance company $488,000 for failing to disclose cybersecurity problems to investors in a timely manner, in yet another example of how cybersecurity risks can spawn a secondary wave of compliance risks too. The company in question is First American Financial Corp., parent company of…
Read MoreThe Shifting Calculus on Cybersecurity
So there I was the other day, talking to one of the many tech vendors in this field, when our conversation turned to a perpetually puzzling question: Why is the relationship between compliance and cybersecurity so difficult to get right? After all, my acquaintance and I lamented, cybersecurity has been one of the top corporate…
Read MoreAnother Look at Cybersecurity Shortcomings
The other week the Biden Administration issued an executive order to improve cybersecurity across the federal government. Now we have a peek at just how bad numerous government agencies are at the task — and what steps they’re likely to take to improve the situation, which could affect government contractors providing IT services. Said peek…
Read MoreParsing Biden’s Cybersecurity Order
Earlier this week the Biden Administration issued an executive order to strengthen the federal government’s cybersecurity and oversight of the larger “software supply chain” that involves government contractors. IT auditors, risk managers, privacy officers, and related compliance professionals should prepare now for what’s coming soon. The order is most immediately a response to that ransomware…
Read MoreA Suspicious Activity, Cybersecurity Mess
A broker-dealer firm in Colorado has agreed to pay $1.5 million to settle charges with the SEC that the firm failed to file suspicious activity reports about cybersecurity thieves trying to take over customers’ accounts. It’s a sobering example of how weak cybersecurity controls can spill over into regulatory compliance trouble. The firm in question…
Read MoreAnother Example for SOX & Cybersecurity
From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case. The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…
Read MoreThe Cracks in Third-Party Risk Management
Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…
Read MoreMore on Cybersecurity, Compliance Risk
We have another report on cybersecurity threats this week, one that demonstrates just how difficult it is for large organizations to address this risk effectively — because while the vulnerabilities themselves are squarely a CISO’s concern, the damage they can cause is very much a regulatory compliance problem. The report comes from Onapsis, a cybersecurity…
Read MoreWhen Cybersecurity and IT Risk Converge
The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach. I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…
Read MoreThoughts on IT Risk Management
Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…
Read More