Posts Tagged ‘ransomware’
SEC Advice on Ransomware Disclosure
The Securities and Exchange Commission has published fresh advice about when companies need to disclose a ransomware incident to investors, warning that companies will need to perform materiality assessments and be prepared to disclose the attack even if the attack is small and the company returns to normal operations quickly. The agency released five compliance…
Nuttiest Cybersecurity Risk Ever
Well here’s a nutty new risk for cybersecurity compliance professionals at publicly traded companies: ransomware attackers reporting their own attacks against you to the Securities and Exchange Commission when you don’t meet their demands. Yes, this actually happened last week. A ransomware group known as Alphv breached MeridianLink, a California company that provides digital lending…
Pointers on Preventing Ransomware
Among the many interesting discussions I heard at the Institute of Internal Auditors’ global conference this week, one particularly compelling session was about ransomware: how attackers try to foist it upon companies, and the internal controls you could implement to keep such attacks at bay. Since ransomware risk is going nowhere but up these days,…
Justice Dept. Beefs Up Cyber Actions
Just in time for Russia’s invasion of Ukraine and the cyber attacks that inevitably will follow, the Justice Department is promising to use “disruptive action” against cyber criminals, even if those actions jeopardize the department’s chance for future charges and arrests. So said deputy attorney general Lisa Monaco on Thursday, speaking at the annual Munich…
Ransomware Update: It Still Sucks
We have a trio of reminders this week on the perilous state of corporate cybersecurity, with ransomware becoming an ever-more sophisticated threat and business ERP systems still persistently vulnerable to attack. Compliance professionals should take note, since effective strategies to combat ransomware depend on a strong compliance function. First is the latest alert from the…
A Hair-Raising Ransomware Story
Anyone interested in a sobering example of cybersecurity risk management and disaster recovery planning gone wrong? Because we have a doozie, courtesy of Washington’s top cybersecurity preparedness agency. CISA, the Cybersecurity & Infrastructure Security Agency, released a bulletin last Friday warning corporate organizations about the threat of ransomware. The bulletin wasn’t much (two pages long)…