Risk News

3/28/2017
New Bill Forces Cybersecurity Responsibility Into the Boardroom
"The need for board-level responsibility for cyber security is generally accepted but not always applied. A new bill introduced to the Senate seeks to change this by requiring a board level statement of cyber security expertise or practice in annual SEC filings."
Annie's take:

Upon first glance, it appears that annual reporting in this area should not be onerous, but should force some boards to look again at what capabilities are available.
3/27/2017
Middle East Cyber Security Market Worth $22.14 Billion by 2022
"According to a new market research report "Middle East Cyber Security Market by Solution (IAM, Encryption, DLP, UTM, Antivirus/Antimalware, Firewall, IDS/IPS, Disaster Recovery), Service, Security Type, Deployment Mode, Organization Size, Vertical, and Country - Forecast to 2022", published by MarketsandMarkets, The Middle East Cyber Security Market size is expected to grow from USD 11.38 billion in 2017 to USD 22.14 billion by 2022, at an estimated Compound Annual Growth Rate (CAGR) of 14.2%."
Annie's take:

Risk and reward both appear to be concentrated in the Middle East.
3/25/2017
U.K. Police Seize Computer Data in London Terror-Attack Investigation
"Police seized massive amounts of computer data and were in contact with thousands of witnesses, authorities said Friday, as they tried to piece together a portrait of the man behind the deadliest terrorist attack in the British capital in more than a decade."
Annie's take:

It has become nearly impossible for authorities to know with certainty whether those they have identified but not monitored will turn dangerous at a later date.
3/24/2017
Five Creepy Things Your ISP Could Do if Congress Repeals the FCC’s Privacy Protections
"Why are we so worried about Congress repealing the FCC’s privacy rules for ISPs? Because we’ve seen ISPs do some disturbing things in the past to invade their users’ privacy. Here are five examples of creepy practices that could make a resurgence if we don’t stop Congress now."
Annie's take:

If I'm not mistaken, Congress just voted to repeal the FCC privacy protections, so this article is even more useful now that we know what is coming.
3/23/2017
Cybersecurity industry hopes women will help fill 1.8 million jobs
"In a room heavy with testosterone at Regis University last weekend, the college team that outwitted volunteer hackers at a cybersecurity competition had four women and four men."
Annie's take:

As a member of the Executive Women's Forum, I have to say that I agree with all comments made in this article by Lynn and Joyce.
3/22/2017
CyberScoop’s 2017 Top Women in Cybersecurity
"If you’ve been to any type of tech conference, you may have heard someone use the phrase “people, process and technology.” We’ve been told time and time again that if people solely rely on technology to protect their digital assets, the status quo of mega-breaches and wide-scale attacks will only continue."
Annie's take:

Recognize any of these women?
3/21/2017
"Why Didn't We See That One Coming?"
"I led two conduct risk workshops on March 13 in New York City that preceded the Operational Risk North America conference which should have begun on March 14, but gotcancelled because of a severe winter storm."
Annie's take:

My latest foray into conduct risk issues, wherein regulators try to figure out if there is a metric or key risk indicator that could be set that does not already exist for conduct risk.
3/20/2017
Hyperconnectivity and IoT Set to Radically Disrupt Cyber by 2019
"Hyperconnectivity driven by the rise of the digital-everything economy and the internet of things (IoT) will soon disrupt the cybersecurity landscape in a way that hasn’t been seen in the past—and organizations should act now to be prepared."
Annie's take:

How many more reports will we have to read to be convinced?
3/18/2017
The Banker-Turned-Seminarian Trying to Save Citigroup’s Soul
"Can a big bank have a conscience? Citigroup hired one."
Annie's take:

Dumb headline, but good decision to hire him.
3/18/2017
The CIA Didn’t Break Signal or WhatsApp, Despite What You’ve Heard
"There’s been one particularly misleading claim repeated throughout coverage of CIA documents released by WikiLeaks today: that the agency’s in-house hackers “bypassed” the encryption used by popular secure-chat software like Signal and WhatsApp."
Annie's take:

A much needed clarification.
3/15/2017
Misaligned incentives, executive overconfidence create advantages for cyberattackers

"New report outlines how cybercriminals have the advantage, thanks to the incentives for cybercrime creating a big business in a fluid and dynamic marketplace."

Annie's take:

Another important new report that will fit right into my spring quarter class, "Information and Operational Risk."

3/14/2017
Energy sector turns to security firms to stop cyberattacks

"A growing industry of boutique security firms has emerged as oil and gas companies seek outside help to protect their networks from increasingly savvy and aggressive cyberattacks."


Annie's take:

The energy sector is critical for all other critical infrastructure sectors, so improvements here are optimum.

3/13/2017
Channeling Nelson Mandela

"I taught my two last classes of the winter quarter this week. "

Annie's take:

My column looks at the value of education as well as at the disruption caused by the new U.S. administration.

3/11/2017
The internet of things: Home is where the hackers are

"When George Orwell envisioned the “telescreen” — the TV that keeps constant tabs on its viewers — in 1984, he predicted that governments would use technology to cross the threshold into our private lives."

Annie's take:

An excellent threat assessment.

3/10/2017
Cyber order coming soon, says exec briefed by White House

"Donald Trump’s anticipated cybersecurity executive order could be done in a week or so."

Annie's take:

It's not clear who in the White House is in charge of cybersecurity. This evidently will be the way we find out.

3/9/2017
Exposure of CIA hacking tools renews debate over Americans’ cybersecurity vs. national security

"WikiLeaks’ release on Tuesday of a massive cache of data describing CIA hacking tools has renewed a debate over how well the U.S. government balances the protection of Americans’ cybersecurity against the need to protect national security."

Annie's take:

The American Civil Liberties Union raises some valid points here.

3/8/2017
Is Mentorship the Key to Recruiting Women to Cybersecurity?

"The cybersecurity industry has got a lot of work to do in order to shift the gender balance of its talent pool. Industry figures show that - in terms of recruitment of women -  cybersecurity remains stagnant, with some of the worst male-to-female ratios in the technology workforce."

Annie's take:

There is a link to the survey in this article, if you are interested in reading more.

3/7/2017
Wikileaks 'reveals CIA hacking tools'

"Wikileaks has published details of what it says are wide-ranging hacking tools used by the CIA.

The alleged cyber-weapons are said to include malware that targets Windows, Android, iOS, OSX and Linux computers as well as internet routers."

Annie's take:

The fallout from this set of materials is likely to rival that of Edward Snowden's drop several years ago.

3/6/2017
Cybersecurity: computers or humans – where does the threat lie?

"Digitalisation plays a key role in the fight against payment fraud. Yet Commerzbank’s cybercrime specialists in cash services show that even in this technologically advanced environment, security threats persist. Companies must take steps to ensure that human beings – as well as computers – are protected against crime. "

Annie's take:

We are exploring this question in detail at The Great Conversation being held today and tomorrow at Bell Harbor in Seattle.

3/2/2017
What is cyber warfare?

"The Oxford Dictionaries definition of cyberwar is “The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate attacking of information systems for strategic or military purposes.” "

Annie's take:

Let's hope our military intelligence personnel have a good definition.

3/1/2017
Fewer Than One-Fourth Of Cybersecurity Job Candidates Are Qualified

"ISACA report finds that 55% of security jobs take three- to six months to fill, and under 25% of candidates are qualified for the jobs they apply for."

Annie's take:

The report should be read by everyone who prepares students for cybersecurity specializations.