“Data Breach Affects Time Warner Cable Subscribers,” The Wall Street Journal, September 2, 2017 B3. A company vendor left over 4 million records on a cloud-based server. Thankfully, BroadSoft reported “that none of the unsecured information was ‘highly sensitive.’” At least not “highly sensitive” to them.
Vendors causing a breach, again. Customer data exposed, again. Are there lessons here?
Filed under Access, Board, Controls, Corporation, Duty, Governance, Interconnections, IT, Privacy, Protect assets, Protect information assets, Security, Third parties, Vendors
“Hackers Target Private Data, Network Access of Young Job Seekers,” The Wall Street Journal, August 21, 2017 B5. Job scams continue. Some use fake LinkedIn profiles.
Be careful on the web. When you click, you get what they send, not necessarily what you expect. Control what information you get.
Lots of hacks since then.
“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3. Motive for recent attacks was not blackmail, but just disruption. The files that were attacked may not be recoverable. “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3. DLA Piper shuts down after its computer systems hit. “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.
Have the Visigoths gathered at the gate? If we can’t protect our computers and the information they contain and send, does our civilization survive? Is IT now more important than all the other functions?
Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value
It’s Groundhog Day. Or becoming a dog-bites-man story.
“Cyberattack’s Fallout Fuels Scramble,” The Wall Street Journal, June 29, 2017 B3. A ransomware attack through Microsoft Windows hits Maersk, Merck, WPP, and Rosneft, among others. Surgeries disrupted at a Pennsylvania hospital. “Hospital Operator In Pennsylvania Works to Recover,” The Wall Street Journal, June 29, 2017 B3.
Does this become so routine we forget people are supposed to take steps to prevent it? Do cyberattacks make the board agenda, without the tie to the greater information governance questions? Is that progress? Does industry not see the bigger risk?
Filed under Access, Controls, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value
Gee, how important are computers to your company? Or, more importantly, the information they contain?
“Big Outage Dogs British Airways,” The Wall Street Journal, May 30, 2017 B3. A power surge apparently takes out BA’s entire IT system. No flights, no baggage, and no customer communications. This is partly a business continuity problem, and is a predictable hazard (I was working at Amoco in Chicago in the 90’s when a flood took out the email servers that were then in the basement. -Ed.). But it also highlights how important access to information is to having your business run right. If you put all your eggs in one basket, watch that basket.
What happens when you have so much information that you can’t read it all? “U.K.’s MI5 Begins Internal Probe,” The Wall Street Journal, May 30, 2017 A9. Apparently, the suicide bomber in Manchester was on, and then off, the security service’s radar screen. He was one of 20,000 suspects, but not among the 3,000 most active ones.
Filed under Access, Accuracy, Business Continuity, Communications, Controls, Duty, Governance, Government, Information, Interconnections, IT, Operations, Oversight, Supervision, Third parties, Value
Two front-page items today relating to information and governance and compliance, or some combination thereof.
“Trump Shared Secrets With Russians,” The Wall Street Journal, May 16, 2016 A1. President Trump shared with the Russians “sensitive intelligence” received from an ally. May have compromised the source.
“Hack Probe Zeroes In on How Virus Invaded Networks,” The Wall Street Journal, May 16, 2016 A1. WannaCry ransomware infects various networks worldwide. Similar to an NSA hack, or are you still using XP?
Regardless of whether the President shared actual sources and methods, or just enough to figure them out, this bears scrutiny. What impact (cost) will this have on future intelligence sharing by allies? Who in your organization has access to secret stuff, and how well do they manage it?
As for WannaCry, are we really only as secure as our weakest link? Lots and lots of links.
Filed under Access, Controls, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Protect assets, Security, Third parties, Value
Hearsay is information, too. Just goes to admissibility and, perhaps, weight.
“Paper Points to Pemex Bribe,” The Wall Street Journal, May 5, 2017 A7. Apparently, an Odebrecht employee testified that he was asked to bribe the person then the head of Pemex (Mexico’s state-owned oil company). Not clear who asked him. Odebrecht (a large Brazilian construction company) has admitted it paid a bunch of bribes in a bunch of countries, including Mexico. This according to a document filed in Brazil.
So, a document filed in court in one country alleges bribes to an official in another country. What’s the Mexican government to do? What’s the duty, and to whom?
Filed under Access, Accuracy, Compliance, Corporation, Culture, Data quality, Duty, Governance, Government, Interconnections, Oversight