Posts Tagged ‘cybersecurity’
Asking to Delay Cyber Attack Disclosure
Here’s news all you cybersecurity compliance professionals can use: the Justice Department has published guidance on how public companies can seek a national security exemption from the Securities and Exchange Commission’s new rules for expanded disclosure of cybersecurity incidents. As you may recall, the SEC adopted those new rules in July, and they go into…
A Memo on Cyber Materiality
So there I was the other day, pondering that new Securities and Exchange Commission rule for expanded disclosure of cybersecurity issues, when my phone rang. It was my friend the cybersecurity auditor. “Hey,” he said, “I have an idea for how companies can prepare for that new rule about disclosing cybersecurity stuff.” I was intrigued.…
Nuttiest Cybersecurity Risk Ever
Well here’s a nutty new risk for cybersecurity compliance professionals at publicly traded companies: ransomware attackers reporting their own attacks against you to the Securities and Exchange Commission when you don’t meet their demands. Yes, this actually happened last week. A ransomware group known as Alphv breached MeridianLink, a California company that provides digital lending…
SolarWinds, Part II: This Is Not New
Today we continue our look at that lawsuit filed by the Securities and Exchange Commission against SolarWinds and its CISO for poor disclosure of the company’s cybersecurity issues. As unsettling as this case might be for compliance and audit professionals, is it really a ground-breaking moment in securities enforcement? Perhaps not. Let’s first appreciate what…
A Deep Dive Into SEC’s SolarWinds Lawsuit
Heads up, compliance and internal audit professionals! The Securities and Exchange Commission just filed a potentially profound lawsuit against the tech company SolarWinds and its CISO for misleading investors about the state of that company’s cybersecurity defenses — defenses that were proven toothless during a cybersecurity breach in 2020. The lawsuit, filed Monday against SolarWinds…
Fresh Stats on Cyber & Privacy Risks
We have a fascinating new snapshot of cybersecurity risks these days — including companies racing to embrace cloud computing without fully understanding the security fundamentals, insecure mobile applications, and persistent bad habits with software patching and encryption. Said snapshot comes from Coalfire, one of the more notable cybersecurity and compliance software firms, which just released…
Notes on the MGM Cyber Attack
As you may have already heard, earlier this week MGM Resorts suffered a ransomware attack that disabled multiple MGM properties, including its flagship MGM Grand and Bellagio casinos in Las Vegas. This raises an interesting question for compliance and audit professionals: How would the SEC’s new rules for disclosure of cybersecurity attacks apply to something…
Cyber Failure Leads to False Claims Penalty
We have a fascinating enforcement action from the Justice Department this week, where a subsidiary of Verizon has agreed to settle charges that its failure to meet certain cybersecurity standards as part of a government contract qualified as a violation of the False Claims Act. Verizon Business Network Services, an IT services subsidiary within the…
Canadian Bank Needs Spy Compliance
Nutty news from up north: Canadian regulators have forced a bank there suspected of ties to the Chinese government to cut ties with its three founders, relocate to new headquarters with better security, sweep the corporate premises for bugs, and hire two senior compliance officers — including a “national security” compliance officer who will need…
Thoughts on Data Security
This week I’m attending the ISACA-Institute of Internal Auditors GRC Conference in Las Vegas. As one might imagine, data security is all over the agenda, so I’ve been taking notes for those audit and compliance executives back home looking for suggestions on how to make your GRC efforts better. For starters I attended a fascinating…