This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite. Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

Many takeaways this month from articles that further our understanding of cybersecurity concerns and issues starting with:

Preparation starts at the top —

Board rooms becoming more security-savvy
Dark Reading
Thirty-five percent say they discuss cybersecurity at every board meeting, a Veracode-NYSE survey says. Board rooms are becoming more sophisticated about cybersecurity, creating new opportunities for CISOs to lead, according to a recent survey of 200 directors of public companies, conducted by NYSE Governance Services and Veracode …

Phishing is good on the other side of the pond —

Employee credentials of half of European top 500 firms exposed online
Help Net Security
Cyber attacks and data breaches very often start with phishing or spear-phishing. Access to good credentials is key – whether it’s for straight emailing or direct access to target email systems, etc. Web intelligence firm Recorded Future has recently scoured the Web’s underbelly, including paste sites and forums, for exposed corporate credentials (emails and passwords), and found that 49 percent of Europe’s largest companies have had credentials belonging to their employees exposed online …

And here as well —

The race to outsmart corporate phishing attacks
CS Monitor
Companies are constantly seeking new – and expensive – ways to protect against criminal hackers. But even the most advanced software can’t keep unwitting employees from endangering corporate networks …

As for what motivates cyber criminals, not surprisingly, cyber crime does pay:

Cybercrime can give attackers 1,425% return on investment
Dark Reading
While security professionals often find it difficult to prove return on investment, a standard ransomware campaign could earn an attacker a 1,425 percent ROI, according to a report released today by Trustwave.

And while victims may not care, RAND says there is a new breed of cyber criminal emerging —

Cybercrime: Much more organized
Cybercrime offers the potential for immense profits. So it is no surprise that the digital “mob” has moved into the space. According to some experts, there is no such thing as “disorganized cybercrime” any more …

RAND also has published a second study that suggests CISOs increasingly believe cyber attackers are rapidly outpacing defenses:

Companies making cybersecurity a greater priority, but hackers may still be gaining
Homeland Security News Wire
Companies are spending increasing amounts on cybersecurity tools, but are not convinced their data is truly secure and many chief information security officers believe that attackers are gaining on their defenses, according to a new RAND Corporation study. While worldwide spending on cybersecurity is close to $70 billion a year and growing at 10 percent to 15 percent annually, many chief information security officers believe that hackers may gain the upper hand two to five years from now, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.


June 30, 2015