SEC Advice on Ransomware Disclosure 

ransomware

The Securities and Exchange Commission has published fresh advice about when companies need to disclose a ransomware incident to investors, warning that companies will need to perform materiality assessments and be prepared to disclose the attack even if the attack is small and the company returns to normal operations quickly. The agency released five compliance…

Read More

Nuttiest Cybersecurity Risk Ever

cybersecurity

Well here’s a nutty new risk for cybersecurity compliance professionals at publicly traded companies: ransomware attackers reporting their own attacks against you to the Securities and Exchange Commission when you don’t meet their demands.  Yes, this actually happened last week. A ransomware group known as Alphv breached MeridianLink, a California company that provides digital lending…

Read More

Pointers on Preventing Ransomware 

ransomware

Among the many interesting discussions I heard at the Institute of Internal Auditors’ global conference this week, one particularly compelling session was about ransomware: how attackers try to foist it upon companies, and the internal controls you could implement to keep such attacks at bay. Since ransomware risk is going nowhere but up these days,…

Read More

Justice Dept. Beefs Up Cyber Actions

cybersecurity

Just in time for Russia’s invasion of Ukraine and the cyber attacks that inevitably will follow, the Justice Department is promising to use “disruptive action” against cyber criminals, even if those actions jeopardize the department’s chance for future charges and arrests.  So said deputy attorney general Lisa Monaco on Thursday, speaking at the annual Munich…

Read More

Ransomware Update: It Still Sucks

ransomware

We have a trio of reminders this week on the perilous state of corporate cybersecurity, with ransomware becoming an ever-more sophisticated threat and business ERP systems still persistently vulnerable to attack. Compliance professionals should take note, since effective strategies to combat ransomware depend on a strong compliance function. First is the latest alert from the…

Read More

A Hair-Raising Ransomware Story

ransomware

Anyone interested in a sobering example of cybersecurity risk management and disaster recovery planning gone wrong? Because we have a doozie, courtesy of Washington’s top cybersecurity preparedness agency. CISA, the Cybersecurity & Infrastructure Security Agency, released a bulletin last Friday warning corporate organizations about the threat of ransomware. The bulletin wasn’t much (two pages long)…

Read More