Category: Financial

Target (TGT) and one of its security vendors, Trustwave, were hit with another lawsuit earlier this week over the wide-scale data breach at the retailer. Two banks, Trustmark (TRMK) and Houston-based Green Bank, are seeking damages of more than $5 million … Link: http://www.foxbusiness.com/industries/2014/03/26/banks-sue-security-firm-trustwave-over-target-breach-report-343636749/

David Gibson, vice president with the data governance software specialist, said that Andrew Haldane of the Bank of England is right to be concerned about the issue, as it is clear that cybercriminals are now after any customer data they can extract from financial services institutions like banks, in order to monetise their frauds.

The key question, the Varonis VP went on to say, is that it is clear that consumers value the security of their data very highly – as witnessed by the fact that 97% of survey respondents said they are more willing to do business with a company that protects their data.

“Our survey results (http://www.varonis.com/research/#maturity) suggest that the vast number of breaches occurring on an almost daily basis indicates that businesses – just like individuals – are still struggling to get the basics right when it comes to securing their data,” he said.

“For this reason, all businesses – and not just banks – have a role to play in eradicating their bad digital habits and taking more control of their security by implementing basic security best practices – such as ensuring that staff only have access to the data they need, that all access to all data is monitored, and abuse is investigated,” he added.

Link: http://www.securitypark.co.uk/varonis-welcomes-bank-of-englands-high-levels-of-concern-on-cyberattacks/

f the SEC requires details on the material loss from cyber-attacks, the actual reporting of such proof is going to be a tall order on a company that’s already strapped for specialized IT security talent and working at fever pitch to manage risk. Until then cyber incidents continue to financially drain private and public companies, IT must clean up the mess and put a lid on it in order to save face with stakeholders.

As corporate data theft continues and investors demand answers, here are recommended actions companies can take now within their IT departments to ensure they are prepared to not only answer to to the SEC and investors, but also better prepared for managing the risks associated with maintaining and relying on global computer networks:

It’s All or Nothing: With today’s emerging technologies such as cloud computing, mobility and virtualization, it’s important to have a complete view of your IT landscape.

Less is More: Those with experience with Sarbanes-Oxley understand that access and entitlements to financial reporting systems is a vital control to exhibit, mainly due to the potential impact of manipulation of those systems.

Most companies that have their data or systems compromised as a result of security incident know full well the costs of repair and remediation; costs of deploying cybersecurity protections (including software like my company develops), litigation costs and the worst: reputational damage to brands and stock price.

While companies are following the guidance, many that have been the targets of these successful attacks have denied any material impact in their SEC filings – the lack of these filings proves that.

Link: http://www.forbes.com/sites/ciocentral/2013/05/15/how-to-prepare-for-when-the-sec-comes-asking-about-cybersecurity-risk/2/