Posts Tagged ‘cybersecurity’
Justice Dept. Beefs Up Cyber Actions
Just in time for Russia’s invasion of Ukraine and the cyber attacks that inevitably will follow, the Justice Department is promising to use “disruptive action” against cyber criminals, even if those actions jeopardize the department’s chance for future charges and arrests. So said deputy attorney general Lisa Monaco on Thursday, speaking at the annual Munich…
Ransomware Update: It Still Sucks
We have a trio of reminders this week on the perilous state of corporate cybersecurity, with ransomware becoming an ever-more sophisticated threat and business ERP systems still persistently vulnerable to attack. Compliance professionals should take note, since effective strategies to combat ransomware depend on a strong compliance function. First is the latest alert from the…
Log4j: We Have to Talk About This
By now compliance and audit professionals may have heard about the cybersecurity vulnerability called Log4j. This will foremost be a problem for IT security officers; but Log4j also illuminates a lot of challenges that audit, compliance, and risk management will face in the 2020s. So let’s unpack the issues afoot here. First, the background.…
Notes on Cybersecurity and Operational Risk
Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more one can see insights about cybersecurity, internal control, and innovation that are worth the time of a…
More SEC Talk on Cyber, Internal Control
Before this particular bit of news sails downstream, internal control professionals might want to note that an SEC commissioner spoke this week about the importance of internal controls for cybersecurity. She raised a few points worth considering. The remarks came from Caroline Crenshaw, a Democratic appointee to the Securities and Exchange Commission who, in my…
Notes on Disclosing Cybersecurity Lapses
Today let’s return to the issue of disclosing cybersecurity issues to investors, because, frankly, so many companies still struggle with exactly what to say in securities filings. That issue came up at the Securities Enforcement Forum last week and we have some excellent insights to share with the class. First let’s note that the Securities…
Pentagon Sounds Retreat on CMMC Compliance
The Defense Department has rolled out a new version of its CMMC program for cybersecurity compliance for defense contractors, dropping requirements for many defense contractors to get outside assessments of their cybersecurity and giving the Pentagon more discretion to waive security requirements for the rest. The changes, announced Thursday afternoon, are a climb-down from the…
Talk About Cybersecurity Disclosure Rules
Cybersecurity enthusiasts, take note: even a Republican member of the Securities and Exchange Commission is calling for more rules on the subject, to help financial firms and publicly traded companies better understand their disclosure and investor protection duties. The remarks came from commissioner Elad Roisman, in a speech he delivered last week. Roisman stressed the…
Thoughts on AI From the Audit Perspective
The other week I had a post about the risk management challenges corporations will face as they integrate artificial intelligence into business operations. Several days later, my friend the Cybersecurity Auditor called me. “Dude,” he said, “I have many issues with AI and I think we’re missing another important point here.” OK, I replied, and…
Cybersecurity Struggles in the Defense Sector
Today in news that should surprise nobody: a new analysis of defense contractors finds that many are still struggling to understand their current cybersecurity posture, and to implement the controls that will keep the firms in compliance with the U.S. government’s heightened cybersecurity expectations. The report comes from CyberSaint, which sells software to help businesses…