Risk News

Don’t underestimate the cyberthreat from Syria and North Korea
"As the Trump administration confronts the nuclear ambitions of North Korea’s Kim Jong Un and the toxic fallout from Bashar al-Assad’s chemical warfare against Syrian civilians, it is worth remembering that both dictators also command cyber-units."
Annie's take:

It's difficult to know who is in charge of cyber strategy in the new administration, or if the analyses are shared or part of an integrated strategy with the National Security Council.
Will Congress Help Fund New State and Local Cyber Programs?
"Back in early March, a bipartisan group introduced the State Cyber Resiliency Act. If passed and funded, the legislation would provide grants for state and local governments to improve cybersecurity protections and incident response."
Annie's take:

Cyber should be a bipartisan issue.
Financial Services Firms Report Spike in Cyber Preparedness, Anticipated Regulatory Scrutiny
"Duff & Phelps, the premier global valuation and corporate finance advisor, today highlighted research affirming that financial services professionals are poised to significantly accelerate resources dedicated to preventing and combating cyber breaches."
Annie's take:

As is usual, the financial services institutions lead all critical infrastructure sectors in preparedness against cyber threats.
United and Pepsi Affairs Force Brands to Respect Social Media
"When Jason Marker, the new chief executive of the company that owns Carl’s Jr. and Hardee’s, met with several of his marketing executives this week, one of his first requests was for screens to be installed in the company’s headquarters to display real-time social media conversations about its brands."
Annie's take:

Everyone who has a smartphone is a reporter these days, so companies have to put special focus on behaving well. United and Pepsi are examples of how not to get in the news.
Pirate radio: Signal spoof set off Dallas emergency sirens, not network hack
"Last Friday night, as midnight approached, someone managed to trigger the emergency siren system used by the city of Dallas for tornado warnings and other emergencies. And that someone managed to keep the alarms in action for 95 minutes—even after emergency services workers shut them off. The entire system had to be shut down."
Annie's take:

Not a hack, but rather a radio signal spoof...
Regular risk assessments can help mitigate cyber exposures
"Employees and third-party services are most likely the weakest links in a company’s cyber security system, but regular risk assessments can help prevent information leaks, a financial services regulatory attorney said last week."
Annie's take:

Straight from the regulator's mouth....
KPMG Fires Partners Over Leak of Audit Regulator’s Confidential Plan
"Five KPMG LLP partners, including the head of its audit practice, were fired after the Big Four accounting firm improperly obtained information about which audits its regulator planned to inspect, the company said."
Annie's take:

They'll probably never work again in the profession. KPMG made the right set of decisions here, but their reputation nevertheless takes a big hit -- especially since we learn in the article that they were the outside auditor for Wells Fargo and picked up nothing in their audits over the years.
Cyber Attack 101: Criminals Go After U.S. Universities
"Millions of student, staff and faculty email addresses and passwords from 300 of the largest universities in the United States have been stolen and are being circulated by cyber criminals on the dark web, according to a recent report."
Annie's take:

I would urge all my colleagues in colleges and universities to change their passwords.
A Call for a New Global Internet Security Strategy
"Everyone knows that the Internet has become the Wild West, with the number of bad actors/groups increasing each month."
Annie's take:

My column looks at internet security at several levels, and calls for a new strategy. Andy Herman's research note calls for a framework for Internet of Things (IoT) compliance.
Wells Fargo Claws Back $75 Million More From John Stumpf and Former Retail Bank Head
"Wells Fargo WFC +0.61% & Co.’s board said it has clawed back an additional $75 million of pay from two former executives it holds largely responsible for years of sales-practice problems."
Annie's take:

Evidently the board finally received the results of its investigation, and decided further action was necessary.
Congress addresses cyberwar on small business: 14 million hacked over last 12 months
"A bill making its way through the U.S. Senate proposes to do what cybersecurity experts say is long overdue: Create a set of resources and guidelines small businesses can use to protect themselves from a steadily increasing number of cyberattacks."
Annie's take:

Let's see if Congress can actually move forward here. It's a big problem for smaller businesses.
Almost 40 percent of industrial computers face cyber attacks
"In the second half of 2016 Kaspersky Lab products around the world blocked attempted attacks on 39.2 percent of protected computers that it classifies as being part of industrial enterprise technology infrastructure."
Annie's take:

A sobering report.
Fortinet CISO on securing critical infrastructure: ‘We can no longer bring a knife to a gunfight’
"Earlier this year Fortinet hired its first chief information security officer (CISO). The timing makes sense, as the company has grown into a leading security vendor with an integrated, security fabric vision that few competitors can match."
Annie's take:

A pretty accurate assessment...
Airports and nuclear power stations on terror alert as government officials warn of 'credible' cyber threat
"Britain’s airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems."
Annie's take:

Certainly critical infrastructure officials in this country are on a higher level of alert as well.