“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3. Motive for recent attacks was not blackmail, but just disruption. The files that were attacked may not be recoverable. “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3. DLA Piper shuts down after its computer systems hit. “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.
Have the Visigoths gathered at the gate? If we can’t protect our computers and the information they contain and send, does our civilization survive? Is IT now more important that all the other functions?
Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value
Gee, how important are computers to your company? Or, more importantly, the information they contain?
“Big Outage Dogs British Airways,” The Wall Street Journal, May 30, 2017 B3. A power surge apparently takes out BA’s entire IT system. No flights, no baggage, and no customer communications. This is partly a business continuity problem, and is a predictable hazard (I was working at Amoco in Chicago in the 90’s when a flood took out the email servers that were then in the basement- Ed.). But it also highlights how important access to information is to having your business run right. If you put all your eggs in one basket, watch that basket.
What happens when you have so much information that you can’t read it all? “U.K.’s MI5 Begins Internal Probe,” The Wall Street Journal, May 30, 2017 A9. Apparently, the suicide bomber in Manchester was on, and then off, the security service’s radar screen. He was one of 20,000 suspects, but not among the 3,000 most active ones.
Filed under Access, Accuracy, Business Continuity, Communications, Controls, Duty, Governance, Government, Information, Interconnections, IT, Operations, Oversight, Supervision, Third parties, Value
“In Cyberwar, Spies May Be Targets,” The Wall Street Journal, May 25, 2017 B4. In a breach of protocol, the hackers behind the WannaCry ransomware attack may be releasing the names of some of the hackers working for the NSA. Certainly cuts down on their foreign travel.
If they can’t keep their own secrets secret, what’s a body to do? Will this shut them down?
How well does your company keep its secrets? How important is it to your employees?
If you are in the information business (and who isn’t?), what if you can’t get to that information? Worse, what if your customers can’t get to information you store for them, or their customers can’t get to their web pages?
“Amazon Outage Hits Cloud Customers,” The Wall Street Journal, March 1, 2017 B4. Failure at a storage center just outside of Washington, D.C. lasted about 4 hours and affected Amazon Web Services. Uptime/downtime, and reliability.
What’s your plan if your main storage goes out? How does your business continue to operate?
Filed under Access, Business Case, Business Continuity, Controls, Governance, Interconnections, IT, Management, Operations, Protect, Protect assets, Risk, Third parties
What happens if you do a reorganization and delete a department head without clearly establishing who’s going to pick up the various responsibilities of that department?
Apparently, Credit Suisse wasn’t clear, so now there’s a “discussion” of who was responsible for $1 billion in losses from a department that no longer had a manager.
“Inside Credit Suisse, Finger-Pointing and Confusion Over $1 Billion Loss,” The Wall Street Journal, April 29, 2016 C1. In October 2015, the global head of fixed income stepped down (or was stepped down). Between then and January 2016 or so, no one was watching that store.
Lesson: close the loop and connect the dots.
Filed under Board, Business Case, Business Continuity, Communications, Controls, Directors, Duty, Duty of Care, Governance, Internal controls, Management, Operations, Oversight, Oversight, Protect, Protect assets, Protect information assets, Risk
You run mutual funds. Your customers want to be able to figure out the value of their investments. But they can’t, because of a computer glitch at a vendor.
“Pricing Snag Stymies Trading in Popular Funds,” The Wall Street Journal, August 27, 2015, A1. Mutual funds can’t supply customers pricing information because of a computer problem at Bank of New York Mellon Corp. Not a great week for that.
What information do you rely on to do your business, and how much of that comes from a third party? What happens if that third party doesn’t perform as expected? Is that information governance, or something else? Does it help that a lot of others relied on that same third party?
Managing access to information is clearly an element of information governance. That can be gaining access to useful information or can be permitting and limiting access to your information. Lots of security and leveraging issues.
“‘Ransomware’ Becomes Bigger Company Threat,” Wall Street Journal, April 16, 2015 B1. Companies admit to paying up to get access to their data. Small businesses are targets, and initial payments seem inconsequential.
What would happen if someone blocked your company’s access to its data? How much would you pay? Who’s job would be in jeopardy? Would your business survive?
Filed under Access, Board, Business Case, Business Continuity, Collect, Controls, Duty of Care, Governance, Information, Internal controls, IT, Management, Operations, Oversight, Oversight, Protect, Protect assets, Protect information assets, Risk, Security, Value