Cybersecurity Governance News – 2/19/16
Turning cybersecurity theory into practice is a challenge in the government and business spheres. The real world consequences of overconfidence in partially implemented plans can lead to ransomware demands and data breaches, putting CEO and Boards at risk of litigation.
Cybergovernance Journal, Feb. 15
Breaches are almost always traced to a human failing rather than faulty technology or a bad implementation. Putting the right threat protection technology in place is an absolute necessity, but a strong case can be made for focusing on the organization first and then on the technology measures.
Canadian Underwriter, Feb. 12
Respondents to the study displayed “high levels” of confidence in their ability to detect a data breach, yet when asked how long it would take automated tools to detect unauthorized configuration changes to an endpoint on their organizations’ networks, 67% only had a general idea, were unsure, or did not use automated tools.
WIRED, Feb. 11
Symantec recently pegged the total amount of ransomware paid out in any given year at $5 million. This single incident asks for well over half that amount. In the past, ransomware could only lock down a target’s keyboard and computer; now, hackers can encrypt an infected system’s files with a private key known only to the attacker.
LogRhythym White Paper
As cyber criminals step up their game, government regulators get more involved, litigators and courts wade in deeper, and the public learns more about cyber risks, corporate leaders will have to step up accordingly.
LinkedInPulse, Feb. 17
“Cyber coverage falls into two categories: (1) forms that offer coverage for first-party risks, such as cybercrime, viruses and system malfunctions; and (2) forms that insure against third-party risks, such as data breach claims and claims for the infection of outside systems.” Now a third form is needed to address personal liability incurred by corporate directors in governing cybersecurity.