The expansion of regulation has created opportunities for compliance officers to liaise with other business functions and to have access to the board. But it has also created new compliance challenges for firms, such as the threat of enforcement, panelists said at a securities conference yesterday.

“Senior management wants to know what compliance thinks. The board wants to see compliance much more frequently than once a year. There are great opportunities but there is a lot of pressure because they are being asked to anticipate the unexpected,” said John Polanin, Jr., an executive director and head of compliance for the Americas at Macquarie Group. He was speaking in a panel discussion at the FINRA Annual Conference in Washington D.C.  (more…)

Businesses, government agencies and critical infrastructure operators face unprecedented challenges in protecting themselves from increasingly sophisticated cyber attacks launched by criminals, hacker activists and foreign governments. To date these attacks have for the most part focused on financial crimes, intellectual property theft and disrupting network operations.

Experts and policymakers warn that critical infrastructure, including financial systems, are vulnerable to increasingly destructive viruses that have been identified over the past two years, such as Stuxnet and Shamoon which surfaced in the Middle East.

The Obama Administration has asked Congress to give the government new authority to help protect critical infrastructure from cyber threats, yet lawmakers have yet to pass such legislation. Experts meanwhile warn that adversaries are looking to take advantage.

Some top U.S. policymakers will discuss the challenges they face in protecting the nation from cyber attacks during closed sessions at the 2013 Reuters Cybersecurity Summit, from May 13-15 in Washington. D.C. They will be joined by leading experts who will assess the threats faced by various industries and the government. (more…)

A number of high level security experts at the Reuters Media and Technology Summit made for exclusive news and insight on the hot topic of cybersecurity.

The CEOs of security companies Kaspersky Lab and Symantec explained that they had linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon while leading cyber experts warned of a shortage of talented experts in the United States at a time when cyber attacks are on the rise.

At the same time hacked companies are fighting back with some controversial strategies of their own to fend off increasingly sophisticated cyber attacks according to guests at the Summit.

In interviews with executives from telecom and media companies France Telecom’s CFO urged the industry to be more prudent about its debt levels amid looming investments needs.  Direct TV’s CEO announced that the company may deploy a controversial ad skip technology and music services  Shazam and Deezer explained how smartphones and Facebook have helped establish digital music services. WPP’s CEO sounded uncharacteristically conciliatory about a clash with shareholders over executive pay.

For a summary recap report of the Summit, click here.

New technologies including drones and cyber weapons are changing the way we wage war, says former Deputy Secretary of State James Steinberg. Steinberg tells Reuters Social Media Editor Anthony De Rosa that war will be redefined in the future and will take many forms.

Watch more episodes of Tech Tonic.

The Flame virus is on the attack. LinkedIn, eHarmony and Last.fm users had their passwords stolen. Hackers are targeting smart phones. Reuters social media editor Anthony De Rosa gets three top cyber security experts to disclose the best ways you can avoid becoming a victim.

Watch more episodes of Tech Tonic.

What are the trends affecting the media and technology sectors and what does it mean for investors?

If the world’s superpowers face off in another major war, the winner will likely be determined in cyberspace. Only a handful of cyber weapons have been identified to date: The notorious Stuxnet worm that attacked Iran’s nuclear program and its data-stealing cousin Duqu. Researchers just uncovered the highly complex Flame.

Meanwhile online crime is flourishing. The unpublished music of Michael Jackson is among the booty that cybercriminals have recently claimed. Financial fraud scams target consumers and businesses alike. Nation states run far more sophisticated campaigns to steal intellectual property from rival governments as well as businesses across virtually all industries.

The Reuters Global Media and Technology Summit will bring together some of the world’s top cyber security experts to talk about the latest trends in cyber security. During closed interviews, we’ll also ask more than 30 industry executives to address broader trends affecting the technology and media sectors.

Learn more about the Reuters Global Media and Technology Summit.

Sign up now to get top Summit highlights and upcoming speakers on the go. 

Click here for the 2012 Reuters Summits Calendar.

Watch the Reuters Summits video.

A cyber security CEO says the Flame computer virus used everything from Bluetooth to screengrabs to vacuum data from computers in the Mideast for years without leaving a trace. (more…)

Heritage Foundation’s Derek Scissors and Reuters Asia Correspondent Paul Eckert discuss the 3 questions President Obama should ask China’s leader-in-waiting including market reforms and cyber-security.

By Joseph Raczynski, Thomson Reuters

The concussion from the bombardment of computer code is silent, though the havoc wreaked is deafening.  Cyber-attacks have escalated in scope and frequency in the last five months affecting finance, creditability, and confidence in the private and public sector.

What is going on and why?

There are several fronts in this battle.  From the left flank, there is Lulz Security (Twitter: @lulzsec).  This brash band of rapscallions unleashed a fifty-day torrent of hacking terror upon government agencies, gaming and broadcasting companies.  It began in March with a successful attack of RSA (the security group within EMC) who owns SecurID’s two-factor authentication products used by large organizations to provide security for corporate networks.  Once they had these keys, the group breached dozens of corporations.  Suspected of breaking into the Sony PlayStation network, LulzSec potentially stole millions of customer’s accounts.  They also rendered the peer-to-peer network, which allows worldwide gamers to play each other interactively, in shambles for weeks.  Before they reigned in their troops, they performed several distributed denial of service (DDoS) attacks on various agencies including the CIA, FBI, and Senate.  Simultaneously tweeting while attacking, the rationale for their acts were twofold; amusement and their disdain for organizations that leave known security vulnerabilities unpatched.

From the right flank are purported foreign countries that pursue U.S. national intelligence.  It is difficult to determine if these attacks are coming from the foreign states or individual groups within those countries.  According to The New York Times, a foreign intelligence service hacked into a corporate contractor and obtained 24,000 Pentagon files in March.  Disclosed just days ago, this is one of the worst attacks in US history.

(more…)

As a Reuters special report uncovered this week, the U.S. seems to be waging an uphill cyber battle against the world’s hackers.

In the year of Julian Assange and WikiLeaks, this week saw the CIA’s website infiltrated and compromised by another capable antagonist. And these “point-and-click tools” are becoming more accessible to would-be cyber warriors as cloud-based technology proliferates, says Frank Cilluffo, director of George Washington University’s Homeland Security Policy Institute.

Cilluffo was one of four cyberterrorism authorities to speak on the phenomenon with Reuters Editor-in-Chief Stephen Adler, who moderated a panel on the subject at New York’s 92^nd Street Y Thursday.

The group also featured former National Security Agency Director Mike McConnell, Bank of America’s chief technology officer Marc Gordon, and former NYPD Deputy Commissioner of Counterterrorism Mike Sheehan.

As the country approaches its 10-year anniversary of 9/11, New York City’s new vulnerability involves a potential cyberterrorism attack, the panelists acknowledged. Yet Al Qaeda has never posed a serious cyber threat, noted Sheehan, who claimed China and Russia appear better equipped to deliver on cyber threats.

“And we have not held China accountable for decades,” he added. “We can’t afford to strain our security budget, but we must hold them accountable, or we will go bankrupt.”

While McConnell called China “prolific and noisy,” he offered Russia has demonstrated a broader electronic-espionage capability. As for countering such threats here in New York City, President Bill Clinton’s former NSA director suggested “it’s incumbent on the federal government to share information more effectively.”

But how will the government keep up? Today’s cyber threats require swift Congressional action, something that looks good on paper but rarely translates into action. Deterring threats to commit cyberterrorism, however, will be virtually impossible, McConnell said.

That’s because technology continues to outpace U.S. lawmakers’ efforts to combat cyber crimes. And it’s why CIA Chief Leon Panetta warned this week that cyberterrorism would be “the next Pearl Harbor that we confront.”

Also see: Reuters story on Bank of America’s reaction to WikiLeaks’ threats.