Cybergovernance Journal Update – 11/27/2015
As more breaches happen and shareholder lawsuits follow, discovering how your organization as a whole, not just the technology team, deals with cybersecurity grows in importance. Directors must also understand how data must be handled in order to combat global espionage that is growing with the rise of global workforces.
Mapping Cybersecurity: Discover Hidden Structures in Your Org Chart
Cybergovernance Journal, Nov. 25
The real problem with security is that assuming that cybersecurity is the exclusive domain of technologists. Human resources, procurement, risk management should be well informed and actively involved in creating the firm’s security posture. If they aren’t, then your organization is operating with significant blind spots in a risky environment. It is time to expand the scope of cybersecurity to the other critical stakeholders in your firm.
Shareholders: Expect More Cybersecurity Lawsuits in 2016
PropertyCasualty360, Nov. 19
A survey of 276 board members by NYSE Governance Services and security firm Veracode found 60% of respondents expect an increase in shareholder lawsuits against companies due to cybersecurity issues, while 72% expect more cyber-related regulation in the near future.
7 Most Important Questions for Directors of Companies Dealing with Data
SiliconRepublic, Nov. 24
Cyber liability, cybersecurity and information governance are terms that directors are becoming more aware of due to high-profile data security breaches. Where there is liability, there is a corresponding responsibility for that liability. As the duties of directors come increasingly under the microscope, it is clearly in the interests of directors to ensure that they understand their responsibilities in this area.
Hilton Acknowledges Credit Card Breach
Krebs on Security, Nov.15
Hilton said the data stolen includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs). The announcement from Hilton comes just five days after Starwood Hotel & Resorts Worldwide — including some 50 Sheraton and Westin locations — was hit by a similar breach that lasted nearly six months.
Learn a New Word: Timestomping
SC Magazine, Nov. 23
Researchers at Damballa have discovered a toolset that may have helped the Destover and Shamoon malware remain undetected when they used to hack Sony and Saudi Aramco. Two new utilities were found that could stealthily move through a network work. Both enabled the Sony and Saudi Aramco hackers to avoid detection and stay inside the compromised systems for months.
Economic Espionage: The Global Workforce and the Insider Threat
Security Intelligence, Nov. 20
The insider threat is a very real phenomenon that’s worthy of attention regardless of your organization’s size. The IBM 2015 Cyber Security Intelligence Index report provided sobering numbers: 31.5 percent of data breaches are attributable to malicious insiders and 23.5 percent are due to insider errors or non-adherence to process and policies that lead to inadvertent data breaches or disclosures.