What we’re reading this week from the world of technology and operational risk management...
Bloomberg counted 436 companies citing “cybersecurity” as a risk factor in their Securities and Exchange Commission filings in the first half of 2017, compared to 403 companies in 2016. “Cybersecurity is no longer just an IT issue,” one attorney tells Bloomberg, it’s an enterprise risk issue.
Some smart tips from an insurance expert. Example: System logging is key. “Without logs, a company may be forced to assume a breach occurred because it cannot prove otherwise.”
Cyberattack Advances Complicate Company Communications Wall Street Journal [subscription required]
A candid conversation among three veteran CISOs about their profession at a turning point. Says one: “C-level executives and boards are all trying to prevent material impact to their organizations and what we have to say as network defenders is, ‘Here’s some technology risk and here’s what it means for the business,’ and we’re not very good at that."
Insights from an insurance company’s breach response team, including finance, education, healthcare sectors. Accidental breaches by employees and third-party vendors nearly equal attacks by malicious outsiders.
As quarterly earnings reports come out, more is revealed about the toll taken on operations by the Petya virus variant that attacked corporate networks in June. Merck, Mondelez, FedEx and others have reduced earnings estimates.
How bad Is the HBO Hack? The Company Is Still Struggling to Find Out. The Washington Post
Hackers released video of upcoming show episodes and a script for a “Game of Thrones” episode, part of what they claimed was an exfiltrated 1.5 terabytes of data. The company says it does not believe email was compromised. The hack brings to mind the ransom attempt on Netflix in May; that entertainment company refused to pay extortion money for show video held hostage.