Cyber Risk Governance Insights | May 13, 2024
Netswitch, Inc.

WEEK IN HEADLINES

FINANCIAL SERVICES - JPM Chase Data Breach Impacts Customers

JPMorgan Chase recently discovered a data breach affecting nearly half a million customers. Unauthorized access exposed personal information, including names, addresses, Social Security numbers, and bank account details. The bank has taken corrective measures and offers free credit monitoring to affected individuals.

TECHNOLOGY - Hacker Scraped Millions of Customer Records

A threat actor known as Menelik infiltrated Dell’s servers, scraping data from almost 50 million customers. The breach exposed names, postal addresses, and other purchase-related information. Dell, now aware, is addressing the vulnerability and collaborating with law enforcement.

RETAIL - Criminal Network Scams with Fake Webshops

BogusBazaar, a sprawling criminal e-commerce network, has defrauded over 850,000 victims worldwide. Operating tens of thousands of fake webshops, the network processed more than one million orders, with an estimated aggregate order volume exceeding USD 50 million. Victims, mainly from Western Europe and the USA, fall prey to enticing deals on shoes and apparel, only to have their credit card details stolen.

GOVERNMENT - "Hackers Had ‘Access to Everything’"

In Montclair, NJ, a 2023 ransomware attack compromised sensitive information, including Social Security numbers, drivers’ licenses, and banking details of residents and employees. Despite the potential for selling this data, hackers typically adhere to an unwritten code of not publicly releasing or selling it. Instead, they use it as collateral to pressure victims into paying ransoms. The rise of “ransomware as a service” has transformed these cybercriminals into organized entities.

RANSOMWARE - RaaS Group Strikes 500+ Organizations Worldwide

Black Basta, a ransomware-as-a-service (RaaS) variant, has infiltrated over 500 private industry and critical infrastructure entities globally since its discovery in April 2022. Sectors affected include healthcare organizations, emphasizing the urgent need for cybersecurity defenses against this threat.

GOVERNMENT - City Shuts Down IT Network After Cyber Attack

The City of Wichita, KS, faced a ransomware attack that forced the shutdown of critical systems, impacting online bill payment services and public transportation. The cybercriminals behind the attack, likely part of the LockBit ransomware gang, demanded payment for access to locked files. Incident response efforts are ongoing, with federal and local law enforcement involved in the investigation.


INSIGHTS & EXPERT PERSPECTIVES

Lost in Translation: Cease-Fire in Acronym Battle

Organizations face internal communication barriers that hinder effective cybersecurity risk management. Based on a global survey of 1,300 CISOs and interviews with CEOs and CFOs, this report reveals critical gaps between security teams and the C-suite. As AI-driven attacks surge, security tools fail to provide business-context insights, leaving executives exposed to cyber risks. The urgency lies in minimizing consequences such as impacted revenue, regulatory fines, and lost market share.

  • Leadership Blind Spots: Technical jargon in security discussions hinders C-suite and boards from gaining actionable business insights.
  • Risk Exposure: Consequences include revenue impact, regulatory fines, and market share loss.
  • Automation as a Solution: Automation enhances incident response and risk mitigation.

INSIGHT: A few years ago, we became keenly aware that acronyms cause miscommunication among customer teams. We set out to address that issue and find an end to the acronym battle.

There are 3 parties in addressing cyber risk governance for any organization: internal auditors (Governors), security teams (Technologists), and C-Suite & Boards (Executives).

So, on one side of the conversation creating "communication issues," Auditors and Technologists each have their own acronymic language, and while their goals of security and compliance may align, neither "language" translates easily into one the Executives understand.

Some argue that Executives must delve into technical details to make informed decisions. Understanding vulnerabilities, threat vectors, and governance for regulatory compliance strategies is essential for accurate risk assessment. But transparency builds trust and hinges on sharing the details and intricacies.

However, others emphasize the need for business-focused communication. Executives operate in a fast-paced environment, where concise, actionable information is crucial. They want to know how security impacts revenue, reputation, and customer trust. Simplifying technical jargon ensures that executives grasp the essentials. Data visualization, storytelling, and context are key tools for closing the gap among the 3 groups.

Balancing both perspectives—providing technical depth when necessary while framing risks in terms of business impact—ensures effective risk management and organizational resilience. Governors and Technologists must simplify the technicality of their information feeds and remediation recommendations into actionable insights for Executives, who have neither the time nor the desire to understand the level of detail at which the risk professionals in audit and security do their jobs.

We patented the Cyber Risk Governance system to provide a way for ingesting data from any software for governance or security to identify risks as vulnerabilities and show how they're tethered to compliance. This is done regardless of geography, regulation, framework, or industry.

Ask us ([email protected]) about how we've democratized this conversation for any organization anywhere.

Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  • Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch
  • Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Group on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.

Andrzej Jarmolowicz

Operations Director at CyberShure

6 months

There are encryption solutions available that would mitigate against this, but it would appear that many still have their heads buried in the sand and think that they are protected.

Ishu Bansal

Optimizing logistics and transportation with a passion for excellence | Building Ecosystem for Logistics Industry | Analytics-driven Logistics

6 months

What steps can companies take to better protect their customers' data and prevent cyber attacks?

Cyber whirlwind out there. Tracking a cease fire in the abbreviation battleground. #StaySafe Stanley Li

Russell Rosario

Cofounder @ Profit Leap and the 1st AI advisor for Entrepreneurs | CFO, CPA, Software Engineer

6 months

Dang, seems like it's chaos out there in the cyber world! Stanley Li