This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite. Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

Many takeaways this month from articles that further our understanding of cybersecurity concerns and issues, starting with:

A peek into the future of the Internet of Things … Now anyone can drive Ms. Daisy

Hackers Remotely Kill a Jeep on the Highway- With Me in It
I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume …

 … a development which led to this …

Chrysler Recalls 1.4 M Cars over Hacking Fears
The Hill
Chrysler said Friday it was recalling roughly 1.4 million vehicles after security researchers exposed a flaw that allowed hackers to kill transmissions remotely. The recall affects several models of Dodge, Jeep and Chrysler cars …

Corporate Board Members do not lack for advice

Cybersecurity: Boards Must Ask Sharper, Smarter Questions
The Wall Street Journal
Boards are trying to build more productive, transparent relationships with cybersecurity chiefs to decrease the risk of attack. But directors can be stymied by a lack of basic security knowledge. New guidance from the National Association of Corporate Directors suggests asking more searching questions of chief information security officers, including how they measure their teams and technology and whether they have ongoing contacts with the Federal Bureau of Investigation and other law enforcement bodies that investigate attacks …

An exploitable weakness in network security: corporate boards
In the ongoing battle against hackers, it’s time for company directors to finally prioritize cybersecurity. Business is losing the war against hackers right now. But corporate boards shouldn’t just blame their tech teams. Rather, they should be looking in the mirror …

The role of the Board in cybersecurity: ‘Learn, ensure, inspect’
Dark Reading
It wasn’t long ago that cybersecurity was considered the exclusive domain of IT departments, a matter of purchasing and deploying the right technology to defend against intrusions into the network. In case you haven’t heard, those days are over. In the wake of devastating and embarrassing incidents at Target, JPMorgan Chase, Home Depot and dozens of other established and widely respected brands, executive management and boards of directors are now acutely aware that the responsibility for safety, security and integrity of their networks and data sits squarely on their shoulders …

Why Cybersecurity Leadership Must Start at the Top 
If the past year has shown us anything, it’s that companies should no longer ask if they are going to be hacked and instead when. With every company becoming digital, the pace of change is only accelerating and our ability to make the right decisions on cybersecurity needs to move even faster. Some estimate that between $9 and $21 trillion of global economic value creation could be at risk if companies and governments are unable to successfully combat cyber threats …

The good guys strike back

Feds Take Down Elite Hacking Forum 
The Hill
The Justice Department said Wednesday it had taken down a hacking forum known as Darkode. The government has filed criminal charges against 12 people allegedly affiliated with the forum, a dark Web repository for hacking tools of all kinds …

And it leaves a queasy feeling

Cybersecurity intern accused in huge hacking bust 
On Wednesday the U.S. Justice Department announced a massive international bust of Darkode, an online black market for hackers. Among those charged with crimes was Morgan Culbertson, a 20-year-old from Pittsburgh. He’s accused of creating a nasty malware that infects Android phones, steals data and controls the device …

This month’s Willie Sutton reminder … cyber criminals go where the money is

What Morpho Means: Why Hackers Target Intellectual Property and Business-Confidential Information
Dark Reading
Corporate cyberespionage made the front page last week with the news of Morpho, also known as Wild Neutron. Regardless of what you call it, this revelation was the latest reminder of the growing prominence of corporate espionage on the cyber landscape. The group targets major IT, pharmaceutical, legal, and commodity companies spanning the globe, with concentrated efforts in the United States, Europe, and Canada. It is highly organized and homes in on victims to gather confidential information for future monetization …

Seems like only yesterday we learned OPM suffered a massive breach

Hacking of government computers exposed 21.5 million people
The New York Times
The Obama administration on Thursday revealed that 21.5 million people were swept up in a colossal breach of government computer systems that was far more damaging than initially thought, resulting in the theft of a vast trove of personal information, including Social Security numbers and some fingerprints …

 And the backlash grew exponentially

OPM Director Katherine Archuleta resigns under pressure
The Washington Post
Office of Personnel Management Director Katherine Archuleta resigned under pressure on Friday, a day after Obama administration officials announced that two major breaches last year of U.S. government databases holding personnel records and security-clearance files exposed sensitive information about at least 22.1 million people …

Finally, umm, good for Home Depot, but????

Home Depot Has Better Cyber Security than 25 US Defense Contractors
Defense One
After revelations that a compromised contractor login abetted a grandiose breach of federal employees’ background investigations, now comes word that Defense Department suppliers score below hacked retailers when it comes to cyber defense …


By Tom Davis, SDI Cyber Risk Practice

 SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.


July 28, 2015