Another Cyber Disclosure Example!

Well this is a splendid bit of good timing: two days after we wrote about poor disclosure of a cybersecurity breach at one large company, another large company has suffered a breach of its own and given us a very different example of how to handle your disclosure duties. The latest victim is T-Mobile, which…

SEC Schools Pearson on Cyber Disclosure Failures

We have yet another reminder from the Securities and Exchange Commission today about the importance of full and accurate disclosure of cybersecurity breaches, this time in the form of a $1 million fine against education publisher Pearson for making misleading statements about a breach the company suffered in 2018. Pearson is a British company that…

Example of Cybersecurity Disclosure Failures

The Securities and Exchange Commission has fined a New York title insurance company $488,000 for failing to disclose cybersecurity problems to investors in a timely manner, in yet another example of how cybersecurity risks can spawn a secondary wave of compliance risks too. The company in question is First American Financial Corp., parent company of…

The Shifting Calculus on Cybersecurity

So there I was the other day, talking to one of the many tech vendors in this field, when our conversation turned to a perpetually puzzling question: Why is the relationship between compliance and cybersecurity so difficult to get right? After all, my acquaintance and I lamented, cybersecurity has been one of the top corporate…

Another Look at Cybersecurity Shortcomings

The other week the Biden Administration issued an executive order to improve cybersecurity across the federal government. Now we have a peek at just how bad numerous government agencies are at the task — and what steps they’re likely to take to improve the situation, which could affect government contractors providing IT services. Said peek…

Parsing Biden’s Cybersecurity Order

Earlier this week the Biden Administration issued an executive order to strengthen the federal government’s cybersecurity and oversight of the larger “software supply chain” that involves government contractors. IT auditors, risk managers, privacy officers, and related compliance professionals should prepare now for what’s coming soon. The order is most immediately a response to that ransomware…

A Suspicious Activity, Cybersecurity Mess

A broker-dealer firm in Colorado has agreed to pay $1.5 million to settle charges with the SEC that the firm failed to file suspicious activity reports about cybersecurity thieves trying to take over customers’ accounts. It’s a sobering example of how weak cybersecurity controls can spill over into regulatory compliance trouble. The firm in question…

Another Example for SOX & Cybersecurity

From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case. The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…

The Cracks in Third-Party Risk Management

Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…

More on Cybersecurity, Compliance Risk

We have another report on cybersecurity threats this week, one that demonstrates just how difficult it is for large organizations to address this risk effectively — because while the vulnerabilities themselves are squarely a CISO’s concern, the damage they can cause is very much a regulatory compliance problem. The report comes from Onapsis, a cybersecurity…