Cyber Risk Governance Insights | May 13, 2024
Sean Mahoney
Cyber Resilience | Cyber Risk Management | Speaker & Podcaster | Protector Against Ransomware
WEEK IN HEADLINES
FINANCIAL SERVICES - JPM Chase Data Breach Impacts Customers
JPMorgan Chase recently discovered a data breach affecting nearly half a million customers. Unauthorized access exposed personal information, including names, addresses, Social Security numbers, and bank account details. The bank has taken corrective measures and offers free credit monitoring to affected individuals.
TECHNOLOGY - Hacker Scraped Millions of Customer Records
A threat actor known as Menelik infiltrated Dell’s servers, scraping data from almost 50 million customers. The breach exposed names, postal addresses, and other purchase-related information. Dell, now aware, is addressing the vulnerability and collaborating with law enforcement.
RETAIL - Criminal Network Scams with Fake Webshops
BogusBazaar, a sprawling criminal e-commerce network, has defrauded over 850,000 victims worldwide. Operating tens of thousands of fake webshops, the network processed more than one million orders, with an estimated aggregate order volume exceeding USD 50 million. Victims, mainly from Western Europe and the USA, fall prey to enticing deals on shoes and apparel, only to have their credit card details stolen.
GOVERNMENT - Hackers Had "Access to Everything"
In Montclair, NJ, a 2023 ransomware attack compromised sensitive information, including Social Security numbers, driver’s licenses, and banking details of residents and employees. Despite the potential for selling this data, hackers typically adhere to an unwritten code of not publicly releasing or selling it. Instead, they use it as collateral to pressure victims into paying ransoms. The rise of “ransomware as a service” has transformed these cybercriminals into organized entities.
RANSOMWARE - RaaS Group Strikes 500+ Organizations Worldwide
Black Basta, a ransomware-as-a-service (RaaS) variant, has infiltrated over 500 private industry and critical infrastructure entities globally since its discovery in April 2022. Sectors affected include healthcare organizations, emphasizing the urgent need for cybersecurity defenses against this threat.
GOVERNMENT - City Shuts Down IT Network After Cyber Attack
The City of Wichita, KS, faced a ransomware attack that forced the shutdown of critical systems, impacting online bill payment services and public transportation. The cybercriminals behind the attack, likely part of the LockBit ransomware gang, demanded payment for access to locked files. Incident response efforts are ongoing, with federal and local law enforcement involved in the investigation.
INSIGHTS & EXPERT PERSPECTIVES
Lost in Translation: Cease-Fire in Acronym Battle
Organizations face internal communication barriers that hinder effective cybersecurity risk management. Based on a global survey of 1,300 CISOs and interviews with CEOs and CFOs, this report reveals critical gaps between security teams and the C-suite. As AI-driven attacks surge, security tools fail to provide business-context insights, leaving executives exposed to cyber risks. The urgency lies in minimizing consequences such as impacted revenue, regulatory fines, and lost market share.
INSIGHT: A few years ago, we became keenly aware that acronyms cause miscommunication among customer teams. We set out to address that issue and find an end to the acronym battle.
There are 3 parties in addressing cyber risk governance for any organization: internal auditors (Governors), security teams (Technologists), and C-Suite & Boards (Executives).
So, on one side of the conversation creating "communication issues," Auditors and Technologists each have their own acronymic language, and while their goals of security and compliance may align, neither "language" translates easily into a language the Executives understand.
Some argue that Executives must delve into technical details to make informed decisions. Understanding vulnerabilities, threat vectors, and governance for regulatory compliance strategies is essential for accurate risk assessment. But transparency builds trust and hinges on sharing the details and intricacies.
However, others emphasize the need for business-focused communication. Executives operate in a fast-paced environment, where concise, actionable information is crucial. They want to know how security impacts revenue, reputation, and customer trust. Simplifying technical jargon ensures that executives grasp the essentials. Data visualization, storytelling, and context are key tools for closing the gap among the 3 groups.
Balancing both perspectives, providing technical depth when necessary while framing risks in terms of business impact, ensures effective risk management and organizational resilience. Governors and Technologists must simplify the technicality of their information feeds and remediation recommendations into actionable insights for Executives, who have neither the time nor the desire to understand the level of detail at which the risk professionals in audit and security do their jobs.
We patented the Cyber Risk Governance system to provide a way of ingesting data from any governance or security software to identify risks as vulnerabilities and show how they're tethered to compliance. This is done regardless of geography, regulation, framework, or industry.
Ask us ([email protected]) about how we've democratized this conversation for any organization anywhere.
Sharpen Your Cyber Edge with Netswitch
Master Compliance & Minimize Risks:
Deepen Your Knowledge:
Don't wait.
Contact Netswitch today to take control of your cyber risk.
Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.
Oh, cyber chaos. Stay vigilant against online threats and keep your data secure. Sean Mahoney