Risk News

9/27/2016
Yahoo sued for gross negligence over cyber-attack that exposed 500 million accounts

"Yahoo Inc was sued on Friday by a user who accused it of gross negligence over a massive 2014 hacking in which information was stolen from at least 500 million accounts."

Annie's take:

This is only the beginning of a series of lawsuits that will surely be filed.

9/26/2016
How Technology Has Transformed the Terrorist Threat Fifteen Years After 9/11

"Fifteen years after the September 11 attacks, the threat of terrorism not only persists but now transcends borders, challenging investigators like never before."

Annie's take:

It's worth the download.

9/25/2016
What the Hacking at Yahoo Means for Verizon

"It was the kind of phone call no chief executive wants to make — or receive — in the middle of a multibillion-dollar deal."

Annie's take:

We are still wondering why the hack was not disclosed during due diligence proceedings on the deal.

9/24/2016
Wells Fargo Taps Law Firm Amid Calls for Pay Clawbacks

"Wells Fargo & Co.’s board tapped Shearman & Sterling LLP to advise it on executive-compensation matters, amid calls to claw back certain executives’ pay over the bank’s sales-tactics scandal, people familiar with the matter said."

Annie's take:

Let's hope that the board gets the right advice, and enacts clawbacks on at least these three top executives, so that the regulators don't have to step in again.

9/23/2016
Wells Fargo Tests Justice Department’s Get-Tough Approach

"In response to widespread public criticism that the government has been too lenient with executives responsible for corporate crime, Deputy Attorney General Sally Quillian Yates issued tough new guidelines last year for federal prosecutors."

Annie's take:

As it may turn out, Wells Fargo could become the poster child for holding senior executives responsible.

9/22/2016
US cities promise to crack down on police surveillance tech

"A handful of US cities are banding together in an effort to change the way police acquire and use surveillance technology."

Annie's take:

I'm pleased to see Seattle on this very small list.

9/21/2016
Wells Fargo’s Board: ‘Not Acting Fast Enough’

"Facing repeated questions about what would happen to Wells Fargo & Co.’s top executives in the wake of its sales-practice scandal, Chief Executive John Stumpf gave much the same answer: It’s up to the bank’s board."

Annie's take:

Perhaps the board at Wells Fargo now understands just exactly how egregious the failure to take action on top executives at the bank was. We are talking about when they found out, in 2014.

9/20/2016
Wells chief is 'deeply sorry'

"The chief executive of Wells Fargo, John G. Stumpf, will say in testimony Tuesday morning that he is “deeply sorry” for selling customers unauthorized bank accounts and credit cards and that he takes “full responsibility” for the unethical activity, according to a copy of the remarks prepared for a Senate Banking Committee hearing. "

Annie's take:

The legal team at Wells Fargo must have worked hard to get this level of contrition into Stumpf's testimony. From everything I've read anywhere else, he doesn't really think that there is a problem with the bank's culture, or with tone at the top.

9/18/2016
How Long Until Hackers Start Faking Leaked Documents?

"In the past few years, the devastating effects of hackers breaking into an organization's network, stealing confidential data, and publishing everything have been made clear."

Annie's take:

Good article that describes an emerging threat.

9/17/2016
How Wells Fargo’s High-Pressure Sales Culture Spiraled Out of Control

"At a sales meeting in Florida in 2014, Wells Fargo & Co. regional executives scolded lower-level managers about an obvious problem that kept cropping up at the bank."

Annie's take:

This is the most nuanced reporting on the sales culture that drove the cross selling, as well as the ranks of those fired over the years.

9/16/2016
New York Proposes ‘Flexible’ Cybersecurity Regulation for Insurers, Banks

"The New York State Department of Financial Services (DFS) has proposed cybersecurity regulation for financial services companies that aims to protect New York state’s financial services industry from an increasing risk of cyber attacks, Governor Andrew Cuomo announced."

Annie's take:

Could this new form of regulation be a game changer outside New York as well?

9/15/2016
The Feds Will Soon Be Able to Legally Hack Almost Anyone

"Digital devices and software programs are complicated. Behind the pointing and clicking on screen are thousands of processes and routines that make everything work. So when malicious software—malware—invades a system, even seemingly small changes to the system can have unpredictable impacts."

Annie's take:

Worth noting and tracking this move, in particular the amount of visibility this issue has with Congress.

9/14/2016
Wells Fargo CEO Defends Bank Culture, Lays Blame With Bad Employees

"As public and congressional pressure mounted on Wells Fargo & Co. executives, its top two bankers had an explanation Tuesday for allegedly illegal sales practices across the company: It was employees’ fault."

Annie's take:

"There was no incentive for employees to do bad things," he said. Really? The culture is not what your vision statement says it is. The culture is what the culture is. Here, it seems only appropriate that Wells Fargo has since lost its place as the largest bank in the country.

9/13/2016
New Wells Fargo Insurance Cyber Security Study Shows Companies More Concerned With Private Data Loss Than With Hackers

"With network security top of mind, businesses are nearly two times more concerned with losing private data (47 percent) than hackers disrupting their systems (26 percent), according to the 2016 Network Security and Data Privacy Study, released today by Wells Fargo Insurance, part of Wells Fargo & Company (WFC)."

Annie's take:

Quite an irony here in the release of this report, at the same time Wells Fargo has had to disclose it is being fined $185M for fraud committed on it by over 5,00s customers by over 5,000 employees (insider threat).

9/12/2016
Staring Down the Bogeyman

"It hardly seems possible that fifteen years have passed since 9/11."

Annie's take:

This month's newsletter contains my reflections on the 9/11 Commission's unenacted recommendations; and a marvelous research note by Matthew Weldon on hypervigilance.

9/11/2016
What Happens After ISIS Falls?

"On July 4, 2014, a black-turbaned cleric named Abu Bakr al-Baghdadi took to the pulpit of the Grand Mosque in the Iraqi city of Mosul and proclaimed the founding of a new caliphate."

Annie's take:

On this, a day of remembrance, here's a look back and ahead at terrorism in the Mideast.

9/11/2016
A Walk Around the Void of 9/11

"Walk onto the plaza in Lower Manhattan and you hear the memorial before you see it — a whooshing through the oak trees."

Annie's take:

Every time I am in New York, I visit the 9/11 memorial. For most of us, the best we can do is remember. For some of us, it is also a defining, teachable event in American history. And for the living first responders and the families of the dead, it is still as real as it was 15 years ago.

9/9/2016
Wells Fargo to Pay $185 Million Fine Over Account Openings

"Wells Fargo & Co. was slapped with a $185 million fine Thursday for “widespread illegal” sales practices that included opening as many as two million deposit and credit-card accounts without customers’ knowledge, federal and local authorities said."

Annie's take:

I have asked the publishers if I could add a paragraph to my chapter on the root causes of conduct risk, to deal with this story -- ironically, pushed way down on news pages because of presidential election coverage.

9/8/2016
Senate Staffers’ First Ever Cybersecurity Training Was Simple AF

"“Don’t click on spear phishing emails” was the main message handed down to Senate staffers this week, who received a 20 minute online tutorial on online safety and security."

Annie's take:

Imagine if every government agency and corporate entity took 20 minutes to explain the most basic -- and still the largest cause -- of successful breaches.

9/7/2016
How Baltimore Became America’s Laboratory for Spy Tech

Annie's take:

Technology solutions often create more privacy challenges than reductions in crime statistics.

9/7/2016
Whom to Vote For? Employees Tend to Follow Their Leader

"Late last month, Tim Cook, Apple’s chief executive, hosted a private fund-raiser for Hillary Clinton in Los Altos, Calif., along with his colleague Lisa Jackson, vice president of Apple’s environmental, policy and social initiatives. The private, off-the-record event required a donation of $2,700 to $50,000."

Annie's take:

Donating money to the same candidate your boss does in no way obviates the privacy of the ballot box -- though it is unfortunate that the pressure to go along with the boss is felt at all. To me, this was one of the most repugnant parts of corporate life, in my case being asked as a senior executive to contribute to a PAC that would support candidates on the right side of banking issues. I declined every time.

9/6/2016
Election components as critical infrastructure

"On June 6, 1968, the day after Robert Kennedy’s assassination, Congress took action to protect the integrity of American political process. By passing House Joint Resolution 1292, lawmakers extended Secret Service protection to major presidential and vice presidential candidates. To this day, the Secret Service continues to cover presidential candidates, ensuring that a crazed individual or hostile nation cannot deny the American public the opportunity to elect its favored leaders."

Annie's take:

As the author says, bytes can now do what bullets did years ago. We need to have a serious action plan here.

9/4/2016
New cloud attack takes full control of virtual machines with little effort

"The world has seen the most unsettling attack yet resulting from the so-called Rowhammer exploit, which flips individual bits in computer memory. It's a technique that's so surgical and controlled that it allows one machine to effectively steal the cryptographic keys of another machine hosted in the same cloud environment."

Annie's take:

What's next?

9/3/2016
Companies Back Microsoft’s Effort to Alert Users When Authorities Seek Their Data

"More than a dozen tech companies, including Apple Inc., Amazon.com Inc. and Google parent Alphabet Inc., have unified behind Microsoft Corp.’s legal bid to alert customers when federal agents have requested their digital data."

Annie's take:

A ringing endorsement of the Fourth Amendment from a variety of sources.

9/2/2016
FTC v. Wyndham and corporate cybersecurity

"The case of FTC v. Wyndham is one of the most important security and privacy cases decided in the last 10 years."

Annie's take:

A good way to frame up all the issues and pointers from the court's decision.

9/1/2016
How agencies doubled the number of new cybersecurity hires this year

"Agencies have hired twice as many cyber professionals this year compared to the last, according to the Office of Personnel Management. The increase in hiring comes in part because agencies still have some large mission critical gaps to fill."

Annie's take:

This is very good news, especially the focus on training new hires (and existing employees).