In March this year, a group of Islamic hackers announced that they were launching the latest phase of their denial of service attacks against the largest U.S. banks. The group, which called itself the Izz ad-Din al-Qassam Cyber Fighters, targeted the websites of banks including Bank of America, Wells Fargo, and PNC Bank.
Within days, customers of those banks were complaining of difficulties in accessing the institution’s websites. (more…)
In the previous two installments of this series (Part I and Part II), we discussed the fiduciary obligation of officers/directors to proactively address cyber security and the legal basis for holding them personally liable if they fail to do so. This third and final article explores the more difficult task of deciding which best practices directors should consider adopting. Because each enterprise faces unique challenges, this process requires that directors understand their company’s cyber security risk profile and the options available for mitigating the risk.
08 Aug 2013Steven L. Caponi
When deciding which policies or procedures to adopt, boards should consider how their decisions will be viewed after an incident occurs. Following a loss or serious data breach, the various interested parties – stockholders, regulators, customers, politicians, media, and courts – will seek to assign blame. This chorus of finger pointers will inevitably be looking through the distorted lens of hindsight. Directors will not be accorded the benefit of the doubt, the presumption of good faith will be thrown out the window, and a conscientious cost-benefit analysis will be characterized as a deliberate decision to sacrifice data security on the altar of corporate profits. (more…)
More cooperation with government intelligence agencies would improve the Canadian financial industry’s cyber security capabilities, regulatory and industry experts told Thomson Reuters. Financial institutions have deployed defences, but face considerable threat from cyber-criminals intent on committing fraud, stealing sensitive information, and disrupting their networks.
18 Jul 2013Daniel Seleanu
To mitigate those risks, security and financial experts have called for an enhanced information-sharing system that would allow firms to provide detailed cyber-attack statistics to the government in exchange for intelligence on emergent threats and mitigation strategies. To date, attempts to establish such a system have had little result. (more…)
Recently, global discussions on cyber attacks have become an extremely important topic and it has made me wonder—where are these hackers learning their skills? Their programming and hacking skills have to start somewhere, especially if they are indeed acting independently of any government or organized group.
In the United States, there has certainly been a push for more education in programming in order to better defend our cyber networks. Initiatives such as Codeacademy have become popular as a manner of self-teaching programming skills. Other websites have gained popularity by facilitating “missions” where users can practice hacking into websites with security vulnerabilities. These websites, however, are specifically set up for the purpose of legally practicing their hacking skills. In these cases the methods of learning hacking techniques often rely on teaching basic programming skills through discussion forums and then allowing users to practice their skills on their own. While some of these sites may promote trying out “hacktivism” or hacking for the sake of a social cause, they primarily focus on simply teaching users programming skills and then setting the users loose to do what damage they may.
The expansion of regulation has created opportunities for compliance officers to liaise with other business functions and to have access to the board. But it has also created new compliance challenges for firms, such as the threat of enforcement, panelists said at a securities conference yesterday.
29 May 2013Emmanuel Olaoye
“Senior management wants to know what compliance thinks. The board wants to see compliance much more frequently than once a year. There are great opportunities but there is a lot of pressure because they are being asked to anticipate the unexpected,” said John Polanin, Jr., an executive director and head of compliance for the Americas at Macquarie Group. He was speaking in a panel discussion at the FINRA Annual Conference in Washington D.C. (more…)
Businesses, government agencies and critical infrastructure operators face unprecedented challenges in protecting themselves from increasingly sophisticated cyber attacks launched by criminals, hacker activists and foreign governments. To date these attacks have for the most part focused on financial crimes, intellectual property theft and disrupting network operations.
13 May 2013Thomson Reuters
Experts and policymakers warn that critical infrastructure, including financial systems, are vulnerable to increasingly destructive viruses that have been identified over the past two years, such as Stuxnet and Shamoon which surfaced in the Middle East.
The Obama Administration has asked Congress to give the government new authority to help protect critical infrastructure from cyber threats, yet lawmakers have yet to pass such legislation. Experts meanwhile warn that adversaries are looking to take advantage.
Some top U.S. policymakers will discuss the challenges they face in protecting the nation from cyber attacks during closed sessions at the 2013 Reuters Cybersecurity Summit, from May 13-15 in Washington. D.C. They will be joined by leading experts who will assess the threats faced by various industries and the government. (more…)
The CEOs of security companies Kaspersky Lab and Symantec explained that they had linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon while leading cyber experts warned of a shortage of talented experts in the United States at a time when cyber attacks are on the rise.
At the same time hacked companies are fighting back with some controversial strategies of their own to fend off increasingly sophisticated cyber attacks according to guests at the Summit.
In interviews with executives from telecom and media companies France Telecom’s CFO urged the industry to be more prudent about its debt levels amid looming investments needs. Direct TV’s CEO announced that the company may deploy a controversial ad skip technology and music services Shazam and Deezer explained how smartphones and Facebook have helped establish digital music services. WPP’s CEO sounded uncharacteristically conciliatory about a clash with shareholders over executive pay.
For a summary recap report of the Summit, click here.
New technologies including drones and cyber weapons are changing the way we wage war, says former Deputy Secretary of State James Steinberg. Steinberg tells Reuters Social Media Editor Anthony De Rosa that war will be redefined in the future and will take many forms.
The Flame virus is on the attack. LinkedIn, eHarmony and Last.fm users had their passwords stolen. Hackers are targeting smart phones. Reuters social media editor Anthony De Rosa gets three top cyber security experts to disclose the best ways you can avoid becoming a victim.
What are the trends affecting the media and technology sectors and what does it mean for investors?
If the world’s superpowers face off in another major war, the winner will likely be determined in cyberspace. Only a handful of cyber weapons have been identified to date: The notorious Stuxnet worm that attacked Iran’s nuclear program and its data-stealing cousin Duqu. Researchers just uncovered the highly complex Flame.
Meanwhile online crime is flourishing. The unpublished music of Michael Jackson is among the booty that cybercriminals have recently claimed. Financial fraud scams target consumers and businesses alike. Nation states run far more sophisticated campaigns to steal intellectual property from rival governments as well as businesses across virtually all industries.
The Reuters Global Media and Technology Summit will bring together some of the world’s top cyber security experts to talk about the latest trends in cyber security. During closed interviews, we’ll also ask more than 30 industry executives to address broader trends affecting the technology and media sectors.