Nuttiest Cybersecurity Risk Ever

disclosure

Well here’s a nutty new risk for cybersecurity compliance professionals at publicly traded companies: ransomware attackers reporting their own attacks against you to the Securities and Exchange Commission when you don’t meet their demands.  Yes, this actually happened last week. A ransomware group known as Alphv breached MeridianLink, a California company that provides digital lending…

Read More

Pointers on Preventing Ransomware 

ransomware

Among the many interesting discussions I heard at the Institute of Internal Auditors’ global conference this week, one particularly compelling session was about ransomware: how attackers try to foist it upon companies, and the internal controls you could implement to keep such attacks at bay. Since ransomware risk is going nowhere but up these days,…

Read More

Justice Dept. Beefs Up Cyber Actions

SolarWinds

Just in time for Russia’s invasion of Ukraine and the cyber attacks that inevitably will follow, the Justice Department is promising to use “disruptive action” against cyber criminals, even if those actions jeopardize the department’s chance for future charges and arrests.  So said deputy attorney general Lisa Monaco on Thursday, speaking at the annual Munich…

Read More

Ransomware Update: It Still Sucks

ransomware

We have a trio of reminders this week on the perilous state of corporate cybersecurity, with ransomware becoming an ever-more sophisticated threat and business ERP systems still persistently vulnerable to attack. Compliance professionals should take note, since effective strategies to combat ransomware depend on a strong compliance function. First is the latest alert from the…

Read More

A Hair-Raising Ransomware Story

ransomware

Anyone interested in a sobering example of cybersecurity risk management and disaster recovery planning gone wrong? Because we have a doozie, courtesy of Washington’s top cybersecurity preparedness agency. CISA, the Cybersecurity & Infrastructure Security Agency, released a bulletin last Friday warning corporate organizations about the threat of ransomware. The bulletin wasn’t much (two pages long)…

Read More