The New Realities of Cyber Risk Management: It’s Not Just an IT Issue

From CSA –

“Imagine you are the general counsel at a retailer involved in sensitive M&A discussions. You receive an email from one of the deal’s outside advisors. He says he needs some information about your company, the kind you’ve passed on before. You send it along — and later find that you were victimized in a sophisticated cyber-attack aimed at stealing sensitive information.

Or imagine you are the operations manager at a distribution center for an expanding restaurant chain. Shortly after a new contractor did some work in your facility to modify an automated system, you noticed a glitch in how your orders were processing. Turns out the contractor had poor cybersecurity controls, and their equipment infected your operation with malware.”

Read more>>

NCA in safety warning after millions stolen from UK bank accounts

From The Guardian –

“Law enforcement officials are hunting cyber attackers who have pulled off a series of internet “heists” on British bank accounts worth at least £20m.

British government ministers have been informed and the law enforcement effort involves the United Kingdom’s top secret electronic security centre at GCHQ, as well as the UK’s national Computer Emergency Response Team (CERT), which was set up in 2014.

In the US the FBI is involved, while in Europe the police agency Europol is also helping to investigate, as well as law enforcement in Germany and Moldova where it is believed the attackers may have links to.

The virus or malware, known as Dridex, may be responsible for worldwide losses of $100m so far.”

Read more>>

What Treasury needs to know about cyber risk

From GT News –

“Given Treasury’s central role in sustaining a bank’s financial stability and security – and the fact that all parts of the bank come to it for knowledge and advice – the department needs a working knowledge of this rising new category in the bank’s risk register.

The starting point for Treasury is to recognise that the responsibility for deflecting cyberattacks can no longer be deferred just to the IT department. If defending against these attacks merely required investment in technology, banks would have already completed it. In fact many have invested millions in technology in their attempts to prevent cyberattacks, yet more often than not their exposure to cyber risk has only increased.”

Read more>>