“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3. Motive for recent attacks was not blackmail, but just disruption. The files that were attacked may not be recoverable. “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3. DLA Piper shuts down after its computer systems hit. “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.
Have the Visigoths gathered at the gate? If we can’t protect our computers and the information they contain and send, does our civilization survive? Is IT now more important than all the other functions?
Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value
It’s Groundhog Day. Or becoming a dog-bites-man story.
“Cyberattack’s Fallout Fuels Scramble,” The Wall Street Journal, June 29, 2017 B3. A ransomware attack through Microsoft Windows hits Maersk, Merck, WPP, and Rosneft, among others. Surgeries disrupted at a Pennsylvania hospital. “Hospital Operator In Pennsylvania Works to Recover,” The Wall Street Journal, June 29, 2017 B3.
Does this become so routine we forget people are supposed to take steps to prevent it? Do cyberattacks make the board agenda, without the tie to the greater information governance questions? Is that progress? Does industry not see the bigger risk?
Filed under Access, Controls, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value
Gee, how important are computers to your company? Or, more importantly, the information they contain?
“Big Outage Dogs British Airways,” The Wall Street Journal, May 30, 2017 B3. A power surge apparently takes out BA’s entire IT system. No flights, no baggage, and no customer communications. This is partly a business continuity problem, and is a predictable hazard (I was working at Amoco in Chicago in the 90’s when a flood took out the email servers that were then in the basement - Ed.). But it also highlights how important access to information is to having your business run right. If you put all your eggs in one basket, watch that basket.
What happens when you have so much information that you can’t read it all? “U.K.’s MI5 Begins Internal Probe,” The Wall Street Journal, May 30, 2017 A9. Apparently, the suicide bomber in Manchester was on, and then off, the security service’s radar screen. He was one of 20,000 suspects, but not among the 3,000 most active ones.
Filed under Access, Accuracy, Business Continuity, Communications, Controls, Duty, Governance, Government, Information, Interconnections, IT, Operations, Oversight, Supervision, Third parties, Value
Two front-page items today relating to information and governance and compliance, or some combination thereof.
“Trump Shared Secrets With Russians,” The Wall Street Journal, May 16, 2016 A1. President Trump shared with the Russians “sensitive intelligence” received from an ally. May have compromised the source.
“Hack Probe Zeroes In on How Virus Invaded Networks,” The Wall Street Journal, May 16, 2016 A1. WannaCry ransomware infects various networks worldwide. Similar to an NSA hack, or are you still using XP?
Regardless of whether the President shared actual sources and methods, or just enough to figure them out, this bears scrutiny. What impact (cost) will this have on future intelligence sharing by allies? Who in your organization has access to secret stuff, and how well do they manage it?
As for WannaCry, are we really only as secure as our weakest link? Lots and lots of links.
Filed under Access, Controls, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Protect assets, Security, Third parties, Value
Hearsay is information, too. Just goes to admissibility and, perhaps, weight.
“Paper Points to Pemex Bribe,” The Wall Street Journal, May 5, 2017 A7. Apparently, an Odebrecht employee testified that he was asked to bribe the person then the head of Pemex (Mexico’s state-owned oil company). Not clear who asked him. Odebrecht (a large Brazilian construction company) has admitted it paid a bunch of bribes in a bunch of countries, including Mexico. This according to a document filed in Brazil.
So, a document filed in court in one country alleges bribes to an official in another country. What’s the Mexican government to do? What’s the duty, and to whom?
Filed under Access, Accuracy, Compliance, Corporation, Culture, Data quality, Duty, Governance, Government, Interconnections, Oversight
When talking about cybersecurity, the analogy is made to castle walls. Like most analogies, it’s true and it isn’t.
“Hackers Found Holes In Bank Network,” The Wall Street Journal, May 1, 2017 A1. Security at the SWIFT network buildings is really tight, as one would expect for a large company whose business is the electronic transfer of “money” across national boundaries. But apparently, some of the national banks using this service are not as diligent in managing their own security.
Providing, and denying, access to information are key parts of information governance. But how do you do that for third parties? And how do they do it for themselves?
Filed under Access, Controls, Governance, Interconnections, Internal controls, IT, Management, Operations, Protect, Protect assets, Security, Third parties, Use
If you are in the information business (and who isn’t?), what if you can’t get to that information? Worse, what if your customers can’t get to information you store for them, or their customers can’t get to their web pages?
“Amazon Outage Hits Cloud Customers,” The Wall Street Journal, March 1, 2017 B4. Failure at a storage center just outside of Washington, D.C. lasted about 4 hours and affected Amazon Web Services. Uptime/downtime, and reliability.
What’s your plan if your main storage goes out? How does your business continue to operate?
Filed under Access, Business Case, Business Continuity, Controls, Governance, Interconnections, IT, Management, Operations, Protect, Protect assets, Risk, Third parties