’Twas brillig, and the slithy toves
Did gyre and gimble in the wabe:
All mimsy were the borogoves,
And the mome raths outgrabe.

Lewis Carroll turned the writing of nonsense into an art form, securing his place in history. Generations of children have delighted in hearing and saying the made up words that create a vivid imagery, thrusting the reader into the bewildering world of the fearsome Jabberwock with eyes of flame. Try as one might, it is not possible to penetrate many of the word combinations Carroll used. But the story he tells is strikingly clear. We will trust similar logic will apply to understanding the nature of the cyber events that unfolded as 2015 drew to a close.

Beware the Jabberwock, my son! The jaws that bite, the claws that catch!” (Are boards and senior corporate leadership now prepared?)

Corporate Governance in the Age of Cyber Risks
Knowledge at Wharton, UPenn
Corporate boardrooms are waking up to the encroaching, systemic threat of cybersecurity risks. But while awareness is growing — more than 80% of boards now discuss cybersecurity at most, if not all, of their meetings — many directors simply are not sure if they have the information and tools at their disposal to provide effective oversight of top management to handle today’s hacking dangers, especially intrusions sponsored by nation-states.

Why are Companies and their Directors and Officers Still Behind on Cyber Security Oversight and Disclosure?
JD Supra Business Advisor
And over the past several years, there has developed an army of talented IT, legal, and insurance professionals ready to help boards manage this threat, and there are some very proactive, outspoken, and conscientious directors who are trying to lead the way. Yet surveys still say that, on the whole, directors aren’t sufficiently engaged, and companies aren’t providing directors with sufficient information and support.

Our Cybersecurity Problem is a Lack of Safe Harbor Rules
You can’t manage what you can’t measure. In my more than 25 years of business leadership, this fact has proven itself true, time and again. When I talk to CEOs about network security, I sense some denial about the fact that they may be vulnerable to a breach. They believe they are reasonably safe from cyber attacks because they have invested in the most current cybersecurity products.  But they can only protect what they know about.

He took his vorpal sword in hand; Long time the manxome foe he sought—…(Will government provide solutions?)

DHS Hacks Businesses for Free to Test Cybersecurity
The Hill

The Department of Homeland Security (DHS) is peppering U.S. businesses — mostly banks and energy firms — with cyberattacks to test their digital defenses. The little-known program, offered to companies free of charge, is part of an ongoing effort to help critical infrastructure companies bolster their cybersecurity.

Officials Seize on Paris Attacks to Push Cybersecurity Measures
So far, it seems that the ISIS attackers who carried out the November 13 terror attacks in Paris planned their attack “in plain sight” and did not use sophisticated means of encrypted communications to coordinate their attacks. The Paris attacks were traditional, physical attacks using guns and explosives, not cyber attacks. Nonetheless, officials in Western nations are seizing on the Paris attacks to promote cybersecurity measures that include censorship, weakened security standards, and militarization of the Internet. Here’s a run-down of what they have proposed.

EU Can Suspend New Data Transfer Pact with U.S. if Worried about Privacy: Official
A new data transfer pact between the European Union and Washington will give the EU the right to pull the plug on the deal if it fears the United States is not safeguarding privacy enough, the EU Justice Commissioner said on Thursday. A previous transatlantic data transfer framework, Safe Harbour, was struck down on Oct. 6 by the European Union’s top court because of worries about mass U.S. surveillance practices.

Cyber Compromise Sparks Privacy Feud
The Hill
Lawmakers, privacy advocates and civil liberties groups sparred Wednesday over the final text of a major cybersecurity bill released overnight as part of an omnibus spending package. The bill, which would encourage businesses to share more data on hackers with the government, has drawn fierce opposition from privacy groups and a vocal coalition of lawmakers. These opponents came out swinging Wednesday against what they see as a bill that would merely shuttle more of Americans’ personal data to the National Security Agency (NSA) without actually boosting the nation’s cyber defenses.

Is the Cybersecurity Act Really Government Spying in Disguise?
The Christian Science Monitor
After years of debate over how Washington and the private sector should cooperate on confronting cybersecurity threats, last week President Obama signed into law the Cybersecurity Act to vastly expand the flow of information on digital threats into federal agencies. While the law signed as part of a $1.1 trillion omnibus package aims to boost the exchange of data between the private sector and the government, the information sharing act has been maligned by critics as a Patriot Act in disguise, another mechanism for government spying on citizens, and an overall detriment for cybersecurity.

The Jabberwock, with eyes of flame, Came whiffling through the tulgey wood, And burbled as it came! (What comes for us in 2016?)

Kaspersky Labs Offers 2016 Security Predictions
Next year will herald “the end of the world for APTs as we know them”, Kaspersky Labs predicts. Advanced persistent threats (APTs) – multi-phase cyber-attacks in which criminals stealthily penetrate a network, avoiding detection to obtain data over an extended period of time – will dramatically change in structure and operation in 2016, said Dirk Kolberg, senior security researcher at Kaspersky Labs.

US Elections May Spur Cyber Attacks
The Financial Times
The era of the large-scale cyber security breach looks set to stretch into 2016, with new targets replacing the likes of as US-based Anthem Healthcare, Ashley Madison, a Canadian dating website for married people, and UK telecoms company TalkTalk in the headlines.

Cybersecurity: Key Themes and Threats 
Dhanya Thakkar, Asia-Pacific managing director at Trend Micro, discusses the threats, themes and trends in cybersecurity for 2016. He speaks to Bloomberg’s Yvonne Man on “Trending Business.” (video)

How Artificial Immune Systems May be Cybersecurity of the Future
2015 was a year of jaw-dropping hacks. From CIA director John Brennan’s private email to Sony Inc, from the IRS to CVS, from Target to the notorious Ashley Madison, millions of people suffered from cybersecurity breakdowns across industries. According to the Ponemon Institute, the average cost of damages from data breaches in the US hit a staggering $6.5 million this year, up $600,000 from 2014. Untallied are the personal costs to the hacker’s victims: the stress associated with leaked phone numbers, credit card information, social security numbers, tax information, and the time spent getting their lives back on track. The sophistication and scope of cyber threats are expected to further escalate, yet our defenses remain rudimentary, even medieval.

Predictions Cybersecurity 2016
From Ashley Madison to the Office of Personnel Management (OPM), hackers did not discriminate between organizations or industries when it came to unleashing cyber-attacks in 2015. This past year, data breaches affected millions of people with headlines of a new hack appearing almost daily. On an individual level, customers’ passwords were compromised, credit card information stolen, and private lives became public to name a few ill-fated scenarios.

We wish all of you a prosperous 2016, and hope each of you has a moment to say “O frabjous day! Callooh! Callay!”

By Tom Davis, SDI Cyber Risk Practice
December 29, 2015