Entries by Jody Westby

Pay Now or Pay Later

Debunking the myth that cyber attacks usually hit large companies, the report calls SMBs “soft targets,” reasoning that these companies have valuable data but lack effective cyber-security controls and trained cyber-security personnel.

The Insider Threat

Insiders have traditionally been thought of as current or former employees or contractors who use their authorized access to an organization’s system and data to conduct or assist cyber-criminal activity. But employees who make poor decisions about the organization’s cyber-security program can also dramatically increase the risk of attack.

Be Careful Not to Make a Bad Deal

In 2017, Verizon became the M&A cyber risk poster child when it learned shortly before its purchase of Yahoo that Yahoo had suffered two of the largest data breaches in history, in 2013 and 2014, affecting 1.5 billion users. Ultimately, Verizon shaved $350 million off the purchase price.

Privacy’s Perilous Path

A former-employee-turned-whistleblower revealed that Facebook never audited the application developers it allowed to access its data to confirm they were using the data according to terms. Facebook subsequently announced it would conduct a thorough review of all application developer use of its data.

Preparing for New Cyber Threats

The cyber threat environment is more sophisticated than ever, and nation-states have increasingly played a role, often in coordination with other actors. Even the best chief information security officers are evaluating their programs against current threats and beefing up.

Benefits Data Bullseye

By September, the civil rights office had more than 400 such cases under investigation, with more than 200 reported thus far in 2018. The office lists the types of breaches as hacking/IT incident, unauthorized access/disclosure, theft, loss and improper disclosure.

Cyber Property

Everyone was afraid of what could happen to company data or operations in the hands of a third-party provider. Today, however, these vendors seem like a safe haven compared to the risks and costs associated with running an in-house data center and cyber-security program.