With Cybersecurity, It Comes Back to Basics

No matter how sophisticated your company’s cyberdefenses are, attackers, even unsophisticated ones, usually will find a way into your system. This is due in large part to the people factor of cybersecurity: as long as networks are built and maintained by people, there will be mistakes made that create opportunities for hackers to exploit. That said, Craig Hoffman, a partner at BakerHostetler specializing in privacy and data protection, said in a blog post that most after-the-fact reviews by incident response teams find “paying better attention to basic security measures would have prevented the issue.”

Companies need to realize that their network environment isn’t uniform, that there are devices accessing the network unknown to the security team, that there is data residing on the network of which security is not aware, and that over time a number of exceptions and workarounds have been created, said Mr. Hoffman in the blog post. “Identifying a forensic firm before the incident, negotiating the terms of a master services agreement in advance, and then meeting with that firm to discuss how it will investigate and what data is needed would have facilitated a faster response, investigation, containment and final analysis,” he wrote. Companies also need to follow through on the “verify” part of the old mantra “trust but verify,” make sure people review the terabytes of data in all those logs generated by the expensive security tools the company paid for, and be willing to confront assumptions about a vendor’s ability to maintain and manage security, he wrote.

As important as trying to prevent data theft is making your systems resilient so they can withstand an attack with minimal disruption, said Mr. Hoffman. Many companies that have focused primarily on preventing data theft are now addressing: “Whether their critical operating systems are as well-guarded as systems that interact with sensitive data, what backup capabilities and procedures are in place in the event of a widespread outbreak of ransomware?” Also, he said, as companies craft plans in anticipation of facing a ransomware or cyber-extortion scenario, they need to decide whether they should create and fund a bitcoin wallet and what denial-of-service mitigation solutions they have in place.

EXCLUSIVE ON RISK AND COMPLIANCE JOURNAL

Iran sanctions under Trump. President-elect Trump has threatened to tear up the nuclear agreement between Iran and Western powers, and to take a tougher line against Iran, but legal experts are divided on what that spells for actual policy.

Crisis of the week: Odebrecht. The crisis this week involves Odebrecht SA, the Brazil-based construction company that last month signed an agreement with the U.S. Justice Department to pay between $2.6 billion and $4.5 billion to settle Foreign Corrupt Practices Act claims.

COMPLIANCE

Lawyer emerges as SEC pick. Wall Street lawyer Jay Clayton has emerged as the leading candidate to be chairman of the Securities and Exchange Commission and could be announced as the nominee as soon as Wednesday, according to an official working with the transition team of President-elect Donald Trump, the WSJ reports. Mr. Clayton, whose clients have included Goldman Sachs Group and Barclays Capital Inc., would succeed SEC Chairman Mary Jo White, another lawyer with a history of representing Wall Street banks before becoming a regulator.

CFPB settles with credit companies. Top credit-reporting companies Equifax and TransUnion have agreed to pay more than $23 million over federal claims that they deceptively marketed and sold credit scores to consumers, the WSJ reports. The Consumer Financial Protection Bureau said Tuesday that Atlanta-based Equifax and Chicago-based TransUnion—two of the three largest credit-reporting firms—falsely advertised how lenders use credit scores and deceptively charged consumers for subscriptions to check their own score.

China clamps down on insurance. Following a year in which Chinese insurers aggressively built risky and illiquid portfolios, acquired real estate, companies and stakes in companies at home and across the world, under loose regulation, China’s insurance regulator has taken to severe tightening measures in recent weeks, the WSJ reports. Regulators have effectively barred insurers from making risky investments and banned certain insurers and insurance products with high cash value and low protection.

U.S. senators to propose new Russia sanctions. CNN reports a group of bipartisan senators is preparing a bill that would introduce new sanctions against Russia. Maryland Sen. Ben Cardin, the top Democrat on the Senate Foreign Relations Committee, said he hoped the bill would be ready this week.

Novartis offices raided. Greek prosecutors have raided the Athens offices of Swiss drug maker Novartis AG as part of an investigation into bribery allegations, a court official told Reuters.

GOVERNANCE

Exxon awards CEO $180 million. Exxon Mobil Corp. has awarded former Chief Executive Rex Tillerson a $180 million retirement package as the company moves to break financial ties with President-elect Donald Trump’s nominee for secretary of state, the WSJ reports. If Mr. Tillerson is confirmed, Exxon will transfer the equivalent value of two million unvested shares that he was set to receive at his previously expected retirement in March into a trust, according to the company.

PEOPLE MOVES

Deutsche’s AML head leaving. Deutsche Bank’s head of its global anti-financial crime unit plans to leave that position after just six months at the bank, to be replaced as soon as next week, a person familiar with the matter told the WSJ. Peter Hazlewood, who joined Deutsche Bank to oversee anticrime compliance in July 2016, could stay at the German lender in a different position, but that hasn’t been determined, the person said.

CFTC head to step down. Timothy Massad plans to step down as chairman of the Commodity Futures Trading Commission on Jan. 20, after nearly three years at the helm of the top U.S. derivatives regulator, the agency said Tuesday, the WSJ reports. The departure, which was expected, is set to coincide with the end of the Obama administration. Mr. Massad, a Democrat, has sought to complete stricter rules for the multitrillion-dollar swaps market. His departure opens the door for a Republican successor who could ease or unwind some of his efforts.

Source: http://blogs.wsj.com/riskandcompliance/2017/01/04/the-morning-risk-report-with-cybersecurity-it-comes-back-to-basics/
