Risk News

8/22/2017
UBER UNFAIR: Uber customers warned about smartphone virus that could steal their bank card information
"UBER customers have been warned that crooks have found a way to steal their credit card details as they use the ride-sharing app."
Annie's take:

Will this company survive? That it is privately held is at present the only reason it is still operating.
8/21/2017
A former Marine cyber warrior explains how hackers will transform the face of modern combat
"The modern battlefield is changing dramatically with the advent of increasingly sophisticated technologies, from missile defense shields like THAAD to drones, armed robots and Boba Fett-style bulletproof helmets."
Annie's take:

After last week, it's hard to imagine how things could get any worse. But we have the South Korea exercises and an address to the nation this evening on the way forward in Afghanistan.
8/20/2017
U.S. Worried North Korea Will Unleash Cyberattacks
"As tensions rise over North Korea's potential nuclear missile threat, U.S. officials and outside experts are increasingly concerned the rogue regime will respond to international pressure by lashing out with a weapon it has already mastered: cyberattacks that can disable corporate networks, steal money from banks and potentially disrupt critical infrastructure."
Annie's take:

The U.S.-South Korea tests begin tomorrow, and rhetoric from North Korea has already heated up.
8/18/2017
Financial services: Reduce the cyber risk from within
"Financial services organisations are at an inherently greater risk of cyber attacks due to the sensitive nature of the data they store, and the monetary motivations of cybercriminals, they are keenly aware of the damage that can result from being a victim of a data breach."
Annie's take:

The banking sector continues to experience the highest volume of attacks, from inside and from outside as well.
8/17/2017
In Supreme Court Brief, Technologists Warn Against Warrantless Access to Cell Phone Location Data
"In an amicus brief filed in the U.S. Supreme Court, leading technology experts represented by the Knight First Amendment Institute at Columbia University argue that the Fourth Amendment should be understood to prohibit the government from accessing location data tracked by cell phone providers — “cell site location information” — without a warrant."
Annie's take:

It will be interesting to see how this argument plays out in front of the Supreme Court.
8/16/2017
State Department quietly establishes new cybersecurity office
"The State Department quietly established a new office earlier this year within its Diplomatic Security Service to safeguard against and respond to cybersecurity threats."
Annie's take:

A wise decision.
8/15/2017
Cyber security: Firms underestimate ‘seismic aftershock’ of breaches
"UK businesses are overconfident in their cyber security planning and underestimate the damage of the “seismic aftershock” that occurs after a breach, according to a new report."
Annie's take:

Though the study is British, I would guess American results would look about the same.
8/14/2017
The Stakes Have Never Been Higher
"My summer reading has focused primarily on two important books."
Annie's take:

The best I can do this month is in this column.
8/13/2017
Trump babbles in the face of tragedy
"One of the difficult but primary duties of the modern presidency is to speak for the nation in times of tragedy."
Annie's take:

We are at this time an impoverished nation, and not just on rhetoric.
8/11/2017
FBI says Islamic State used eBay and PayPal to channel money to the US
"Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the US, The Wall Street Journal reports."
Annie's take:

One wonders how many other instances the FBI has of such activity? And are eBay and PayPal the only couriers? Do the usual AML reporting processes apply to companies that are not banks?
8/10/2017
Why state and local government still struggle with cybersecurity
"State and local governments are struggling to deal with a number of cybersecurity threats."
Annie's take:

It's time to synch up state and local cyber teams with national intelligence teams in a better model than "fusion centers." If the recent moves by the City of New York are any indicator, more scrutiny and forward intelligence is required.
8/9/2017
'Information' is playing outsize role in warfare
"Top competitors, Stewart said, are organizing their forces in this new information space and have developed doctrine to fight and win in the information age."
Annie's take:

This morning, after yesterday's reckless rhetoric, all I can think is that emotion trumps information in this administration.
8/8/2017
De Blasio signs executive order to launch city ‘cyber command’
"Mayor de Blasio quietly signed an executive order last month creating an office known as the New York City Cyber Command — a new outfit that’s intended to protect the city against online attacks and other cyber-threats."
Annie's take:

Smart move, given the national state of affairs right now.
8/7/2017
Cybersecurity Compliance Gets Tougher
"Another high-profile corporate hack puts cybersecurity back into the spotlight as thieves made off with 1.5 TB of data from HBO, including scripts of upcoming Game of Thrones episodes."
Annie's take:

The bar has been raised once again.
8/5/2017
Volkswagen Executive Pleads Guilty in U.S. Emissions Cheating Case
"Volkswagen AG executive Oliver Schmidt pleaded guilty on Friday in U.S. District Court in Detroit in connection with a massive diesel emissions scandal that has cost the German automaker as much as $25 billion."
Annie's take:

So few executives go to jail. Let's see what sentencing looks like in this case.
8/4/2017
Uber knowingly rented out faulty cars, WSJ says; firm says problem fixed
"Uber Technologies Inc [UBER.UL] knowingly rented its drivers defective cars at risk of catching fire, the Wall Street Journal reported on Friday, and the ride-hailing firm said it moved to fix the problem after one of the vehicles suffered a blaze."
Annie's take:

Another facet of reckless management, this time involving safety issues. It's no surprise that the current board is split on what they are looking for in a new CEO.
8/3/2017
HBO suffers cyber attack, hacked; Game of Thrones Season 7 upcoming episodes, script, data leaked online
"Many entertainment companies have suffered cyber hack in the past and the latest one to join the list is HBO."
Annie's take:

You would think that all the studios would have upped their security postures after the last big hack. Ugh!
8/2/2017
Most damaging threat vector for companies? Malicious insiders
"According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced."
Annie's take:

This SANS survey is related to a topic I'll be discussing at the September ISACA Puget Sound chapter meeting on September 19th.
8/1/2017
Apple’s Silence in China Sets a Dangerous Precedent
"A year ago, the Federal Bureau of Investigation made an extraordinary demand of Apple."
Annie's take:

It's absolutely appropriate to track what the new Chinese censorship laws are doing to American companies, but I think the analogy to Apple and its refusal to crack an encrypted phone for the FBI is imperfect.