This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite. Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

This month's articles offer many takeaways that further our understanding of cybersecurity concerns and issues, starting with:

So who’s the biggest internal cybersecurity problem for corporations? Employees?

Data breaches – hackers have nothing on your own employees
Computer Business Review
Cyber attacks like the recent Ashley Madison incident make great headlines but as many within the security industry will know, it’s not only external threats that we need to worry about. One of the biggest threats out there is human error which means you need to protect your data from your employees just as much as you do from hackers….

Employees put business data at risk by installing gambling apps on their phones
If you work for a large, global company, chances are some of your peers have installed gambling apps on the mobile devices they use for work, and that’s bad news for IT security…

Employees are the biggest threats to cybersecurity
Business professionals surveyed about the security measures they felt are the most important in thwarting cyber threats pointed to the use of employee background checks. According to the results of the First Advantage 2015 Cybersecurity Survey, people within companies are a huge cybersecurity concern…

Or executives?

Study of CEOs Reveals Alarming CyberSecurity Trends
A study of CEOs recently released by KPMG revealed some alarming trends about cybersecurity preparedness. The report, entitled, Global CEO Outlook 2015, included information garnered from over a thousand CEOs of companies with at least $500M in revenue in ten major economies around the world…

And do Boards even care?

Do boards of directors actually care about cybersecurity?
CSO Online
There’s no shortage of arguments that cybersecurity needs to be aligned with the needs of the business, or that security is now a “boardroom issue.” And it seems that a new report or study is issued every day that states that boards of directors are more involved with their organizations’ cybersecurity efforts than ever before.

How much bull is there in this China closet?

Russia and China could be ‘making it impossible for the US to hide’ its intelligence activities
Business Insider
US officials believe China and Russia are building a database of US intelligence information using massive amounts of files stolen from government agencies and private companies, the Los Angeles Times reported on Monday…

U.S. urged to tighten cyber security to counter Chinese hacking
The United States must beef up cyber security against Chinese hackers targeting a broad range of U.S. interests to raise the cost to China of engaging in such activities, America’s top intelligence official said on Thursday.

Will American CEOs cave to China’s president?
Los Angeles Times
Pope Francis isn’t the only high-profile international figure arriving in the United States this week. Chinese President Xi Jinping is due in Seattle on Tuesday before heading east for an official White House visit. He and President Obama will have much to discuss, including economics, trade, human rights and China’s territorial ambitions. But 30 U.S. business leaders will meet with Xi in Seattle first, and it’s important that they not undermine their long-term interests by giving Xi the wrong message on cybersecurity.

Obama Won’t Sanction China for Cyber Spying…Yet
The Daily Beast
The Obama administration has been suggesting for weeks that it plans to impose financial sanctions on Chinese companies and individuals to punish them for cyberspying against U.S. corporations. But while officials aren’t ruling it out, the White House reportedly won’t take punitive actions against China before President Xi Jinping visits Washington next week…

US skeptical China will adhere to cyber promises
The Hill
Lawmakers were encouraged yet wary of a deal the White House and China revealed Friday, in which both sides committed to not support the digital theft of industry secrets.

Maybe we need to spend more, and/or more wisely

The US government is not spending enough on cybersecurity
Business Insider
In the past 12 months, the US government has not fared well against cyberattacks, and the budget may give an insight why…

FTC: Startups Need to Up Cybersecurity Investments
Federal Trade Commission Chairwoman Edith Ramirez is reinforcing the need for technology startups to invest in ensuring cybersecurity measures are integrated into their products from Day 1, the Financial Times reported yesterday (Sept. 10). Ramirez called for a “culture of security” during the FTC’s Start With Security conference in San Francisco on Wednesday (Sept. 9), where developers and companies were encouraged to think about security earlier on in the product lifecycle instead of when it has already gained popularity…


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

September 29, 2015