|
|
|
|
|
Cyber Daily: This Is What Quick Disclosure Looks Like | Treasury's Inadequate Sanctions
|
|
By Kim S. Nash and Catherine Stupp
|
|
|
|
|
Hello. Many questions remain about a weekend ransomware attack at Sinclair Broadcast Group but information gaps are par for the course early in a cyber investigation.
As the U.S. Congress and federal officials push companies to report attacks within 24, 48 or 72 hours (depending on the bill you're reading or official you're listening to), some cyber chiefs worry that releasing incomplete accounts will damage corporate reputations, sink stock prices, provide an opening for additional attacks or cause other problems.
But it's a mistake to wait to disclose, said Lisa Plaggemeier, interim executive director at the National Cybersecurity Alliance, a nonprofit that promotes information sharing between companies and the government.
Acknowledging a cyberattack can benefit a company, Ms. Plaggemeier told us, especially when business disruptions are obvious. “You want to get out ahead of the message,” she said, “rather than there being speculation or conjecture.”
Sinclair discovered the attack on Saturday, identified encrypted servers and workstations on Sunday and issued a statement about the incident on Monday. This is what relatively quick disclosure looks like: Sinclair said data was stolen but it doesn't know which. The incident messed with local advertising, Sinclair said, but it didn't say how so or provide quantification. Sinclair said it has yet to determine whether the attack will have a material impact on its business, operations or financial results. On Twitter, some posters said the outage cut into broadcasts of National Football League games and morning news—two prime advertising vehicles.
We do know the company's shares fell just under 3% Monday.
Read more on this and other news below.
|
|
|
|
|
CONTENT FROM OUR SPONSOR: Netscout
|
|
Record-breaking Number of DDoS attacks in 2021
Cybercriminals are discovering ever-more-ingenious ways to part organizations from their money. Explore our latest report on the constantly changing threat landscape to stay ahead of your adversaries.
Read more
|
|
|
|
|
|
|
|
|
Sinclair Broadcast said the cybersecurity incident has caused a disruption to parts of the business, including its local advertisements. PHOTO: WIN MCNAMEE/GETTY IMAGES
|
|
|
|
Incident response: One of the largest owners of broadcast stations in the U.S. said it is working to contain a cybersecurity incident that interrupted some of its networks and encrypted some of its servers and workstations.
Sinclair Broadcast Group Inc. said certain office and operational networks were disrupted, including aspects of its services that provide advertisements to local stations. Social-media posts from local network anchors and customers on Sunday and early Monday reported Sinclair-owned stations were down. Sinclair operates 185 broadcast networks in 86 markets and owns 21 regional sports networks.
Data was taken from its network, Sinclair said, adding that it was working to figure out exactly what was stolen.
Read the full WSJ story.
|
|
|
More Cyber and Privacy News
|
|
|
|
|
The Alphabet CEO tells WSJ Tech Live that 'the world of cyber doesn't have the norms and conventions we have established in the real world.'
|
|
|
|
Google CEO Sundar Pichai urges governments to adopt a Geneva Convention for cybersecurity. In the wake of recent cybersecurity breaches attributed to Chinese and Russian hackers, Mr. Pichai said the time had come to draft an agreement to outline international legal standards for an increasingly connected world.
👉 “Governments on a multilateral basis…need to put it up higher on the agenda,” Mr. Pichai said in a recorded interview for The Wall Street Journal’s Tech Live conference on Monday. “If not, you’re going to see more of it because countries would resort to those things.” (WSJ)
|
|
|
PHOTO: JOE BURBANK/ZUMA PRESS
|
|
|
Carnival breach, quantified. In a letter to Maine's attorney general, cruise operator Carnival Corp. revealed that nearly 21,000 customers, employees and crew had their data exposed in an email compromise in March. The company had notified affected individuals but hadn't disclosed the extent of the incident.
|
|
|
-
Carnival has been hit a couple of times recently. In April, Carnival revealed in a financial filing it suffered a ransomware attack in December 2020. The company had another ransomware incident in August 2020 that compromised data related to 37,500 employees and customers.
More money: Two-thirds of information technology executives plan to increase investments in information security and cybersecurity next year, in part to address the increased business risk that comes with quickly integrating different teams and data resources, according to Gartner Inc. The advisory firm conducted a global survey of almost 2,400 CIOs and tech executives across industries. (WSJ CIO Journal)
|
|
|
PHOTO: PATRICK SEMANSKY
/ASSOCIATED PRESS
|
|
|
Old-fashioned sanctions don't do the job, report says. The Treasury Department must modernize sanctions tools for new methods deployed by hackers and financial criminals, according to a study ordered by Treasury Secretary Janet Yellen. (Associated Press)
|
|
|
-
Financial sanctions programs have successfully curbed activities by terrorists and drug gangs, the report said. But the use of cryptocurrencies and other forms of digital payments "outside the traditional dollar-based financial system" let criminals hide transactions in a way that can make U.S. sanctions less effective, according to the report.
-
No specifics were included about how to adapt sanctions programs.
|
|
|
|
New from WSJ Pro Research: Distributed Denial-of-Service Attacks: Preparation and Response
|
Distributed denial-of-service attacks have become more common and grown in scale over the last two decades, affecting companies of any size and sector. This briefing provides businesses with strategies to reduce the risk of a consequential disruption.
|
|
|
|
|
|
|
|
PHOTO: ARTUR WIDAK/ZUMA PRESS
|
|
|
Proprietary material swiped. Consulting firm Accenture PLC said in a regulatory filing that proprietary information was taken by a third party last summer during "irregular activity" in one of its tech systems. Some of the material was posted online. An internal memo, CyberScoop reports, said perpetrators got documents that referred to a small number of clients and work products and "none of the information is of a highly sensitive nature."
|
|
|
|
Less than 60
|
Number of minutes it took for hackers to access the personal data of 349,246 teachers and other educators from the Public School and Education Employee Retirement Systems of Missouri. The attack happened in September through a compromised employee email account.
|
|
|
|
|
|
|
|