Exploring the Cybersphere – January 2017

This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite. Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

Who among us recalls Nellie Bly’s best seller, “Around the World in Seventy-Two Days”? I’d guess the answer would be few indeed. We do, however, have context, for the book followed Jules Verne’s masterful “Around the World in Eighty Days.” In honor of Verne’s hero Phileas Fogg’s great escapade, today we will go around the world in roughly 80 seconds.

First, to China, where entrepreneurship is on the rise

The SEC charges three Chinese nationals with insider trading related to information that was hacked from two New York law firms


On December 27, 2016, the Securities and Exchange Commission (“SEC”) filed a complaint against three Chinese nationals, alleging that they hacked two New York-based law firms, stole material nonpublic information relating to upcoming mergers and acquisitions, and traded on that stolen information, earning approximately $3 million in illegal profits.

On to Russia, busy as ever…

Report: More cases of Russian cyberattacks come to light


CBS NEWS – U.S. government officials have been notified of new cases of attempted or potentially successful cyber intrusions, CBS News has learned. Officials would not go into specifics or reveal the number of new cases. But the revelation raises concerns that Russian cyberattacks have been more extensive than originally thought. Since the U.S. released a report on election-related cyberattacks on Thursday, a government official said more cases have come to light, CBS News’ Justice and Homeland Security correspondent Jeff Pegues reports. The intelligence information made public last week revealed some of the tools and infrastructure allegedly used by Russian hacking units. Those signatures were flagged over the weekend after officials connected with Vermont’s electric grid confirmed that malware code used in operation “Grizzly Steppe” was found on a Burlington Electric Department laptop.

Then to Italy, where the Pope seems to have faith in his cybersecurity…

People are praising Pope Francis for taking cybersecurity very seriously


He has 10.2 million followers on Twitter, opened an Instagram account last year, has met with tech executives, sold his old iPad for a good price, and addressed mankind’s pervasive use of gadgets in his teachings. You can now add cybersecurity awareness to the range of tech issues Pope Francis has addressed, even if he only inadvertently triggered online chatter about one of the most basic privacy protection techniques in the Internet age. As The Washington Post reports, a photo of Pope Francis taken in 2015, in which he was signing up for the Catholic Church’s 2016 World Youth Day event on an iPad, appears to show a sticker taped over the tablet’s camera. The Post said it has verified the photo as real.

Back in time to revisit lessons drawn from ancient Greece

The cybersecurity dilemma: Where Thucydides meets cyberspace


The great Greek historian Thucydides wrote of the Peloponnesian War, “It was the rise of Athens, and the fear this inspired in Sparta, that caused war to be inevitable.” This statement hints at a broad pattern. As nations rise, and especially as they secure themselves, they in the process threaten other nations who have no choice but to take the threat very seriously. Often, this threatening behavior is unintentional. In the time since the ancient Greeks, international relations scholars have named this idea the “security dilemma” and found it occurring time and again, both in strategic matters and at the operational level of conflict. What about in cybersecurity?

And finally, some advice for executive travelers (courtesy of a former Secret Service officer)…

A secret service agent’s guide to protecting the C-suite from hackers


Cybersecurity is on the minds of most businesses today, but there’s one area where companies often screw up: failing to protect their key executives when they’re on the move. In today’s environment, there are an abundance of well-funded and sophisticated hacking groups out there, many with nation-state or organized crime affiliations and interests, who are looking for any way possible to defraud or steal information from American business interests. Like any other criminal, hackers look for weaknesses in the security perimeter before they attack — and often, that sweet spot is to be found in the personal security of key company figures. One example is “Darkhotel,” the Korean-speaking hacking group that targeted countless business executives via hotel Wi-Fi from 2010 to 2015.

By Tom Davis, SDI Cyber Risk Practice

January 31, 2017