Posts Tagged ‘cybersecurity’
Cyber, AML Lessons From a Crypto Flop
New York financial regulators have served up another case study in poor cybersecurity, transaction monitoring, and anti-money laundering compliance, courtesy of an enforcement action against a bankrupt cryptocurrency platform found to be deficient in all three. The state’s Department of Financial Services announced the sanction against Genesis Global Trading last Friday, fining the company $8…
Qualitatively Material Cyber Incidents
Today I want to revisit the new SEC rules for disclosing material cybersecurity incidents, and in particular those qualitatively material incidents that might seem especially tricky to assess and prevent. What internal controls become more important for that type of threat? This is on my mind because we’re already starting to see some companies disclose…
First American Suffers Second Cyber Flop
Well this is going to hurt: First American Financial Corp., one of the largest title insurance firms in the United States, suffered a cyber attack over the Christmas break that has left legions of homebuyers and sellers unable to close their sales — and it is the second significant cyber incident First American has endured…
Asking to Delay Cyber Attack Disclosure
Here’s news all you cybersecurity compliance professionals can use: the Justice Department has published guidance on how public companies can seek a national security exemption from the Securities and Exchange Commission’s new rules for expanded disclosure of cybersecurity incidents. As you may recall, the SEC adopted those new rules in July, and they go into…
A Memo on Cyber Materiality
So there I was the other day, pondering that new Securities and Exchange Commission rule for expanded disclosure of cybersecurity issues, when my phone rang. It was my friend the cybersecurity auditor. “Hey,” he said, “I have an idea for how companies can prepare for that new rule about disclosing cybersecurity stuff.” I was intrigued.…
Nuttiest Cybersecurity Risk Ever
Well here’s a nutty new risk for cybersecurity compliance professionals at publicly traded companies: ransomware attackers reporting their own attacks against you to the Securities and Exchange Commission when you don’t meet their demands. Yes, this actually happened last week. A ransomware group known as Alphv breached MeridianLink, a California company that provides digital lending…
SolarWinds, Part II: This Is Not New
Today we continue our look at that lawsuit filed by the Securities and Exchange Commission against SolarWinds and its CISO for poor disclosure of the company’s cybersecurity issues. As unsettling as this case might be for compliance and audit professionals, is it really a ground-breaking moment in securities enforcement? Perhaps not. Let’s first appreciate what…
A Deep Dive Into SEC’s SolarWinds Lawsuit
Heads up, compliance and internal audit professionals! The Securities and Exchange Commission just filed a potentially profound lawsuit against the tech company SolarWinds and its CISO for misleading investors about the state of that company’s cybersecurity defenses — defenses that were proven toothless during a cybersecurity breach in 2020. The lawsuit, filed Monday against SolarWinds…
Fresh Stats on Cyber & Privacy Risks
We have a fascinating new snapshot of cybersecurity risks these days — including companies racing to embrace cloud computing without fully understanding the security fundamentals, insecure mobile applications, and persistent bad habits with software patching and encryption. Said snapshot comes from Coalfire, one of the more notable cybersecurity and compliance software firms, which just released…
Notes on the MGM Cyber Attack
As you may have already heard, earlier this week MGM Resorts suffered a ransomware attack that disabled multiple MGM properties, including its flagship MGM Grand and Bellagio casinos in Las Vegas. This raises an interesting question for compliance and audit professionals: How would the SEC’s new rules for disclosure of cybersecurity attacks apply to something…