Cyber Daily: The Fate of a CISO After a Breach
Good day. Capital One, four months after disclosing a security breach that affected about 106 million of its card customers and applicants, is reassigning its CISO to an adviser role and looking for a replacement. It is no secret to security chiefs that their jobs can be jeopardized by cyberattacks. Yet, when a CISO leaves, important knowledge about systems and processes goes, too, as we report today.
Question of the week: What factors are most important in deciding the fate of a CISO after a cybersecurity incident? Email me and we may use your response in an upcoming newsletter.
Also today: A New York firm is charged for allegedly selling banned Chinese equipment to U.S. military and others; and Facebook moves to avoid disclosing in court information about apps that possibly mishandled data.
Capital One is moving its chief information security officer out of the role in the wake of a data breach. PHOTO: ANDREW HARRER/BLOOMBERG NEWS
Removing a CISO after a breach is a tough call, experts say. The calculation involves evaluating whether the problem could have been prevented as well as assessing the chief information security officer's protection strategies.
Capital One Financial Corp. is moving its chief information security officer out of the role in the wake of its massive data breach, The Wall Street Journal reported Thursday.
Forcing out an executive after a scandal isn’t unusual and it can help mitigate financial fallout, said Andrea Kelton, an associate professor of accounting at Middle Tennessee State University. “Investors do like to see firms taking action, doing something to try to rectify or alleviate the situation,” she said.
But firing the CISO can be a mistake, said Martha Heller, chief executive of technology-executive recruiting firm Heller Search Associates. “When the CISO walks out the door, a tremendous amount of knowledge leaves with them.”
Hangzhou Hikvision Digital Technology, a surveillance company partly owned by the Chinese government, makes body cameras sold to a U.S. Air Force base. PHOTO: AGENCE FRANCE-PRESSE/GETTY IMAGES
Prosecutors charge N.Y. firm with selling banned Chinese gear to U.S. military. Federal prosecutors in Brooklyn alleged a Long Island company, Aventura Technologies Inc., made upward of $88 million in sales—including more than $20 million in federal government contracts—on products the company claimed to produce at its Commack, N.Y., headquarters. In fact, prosecutors said, the devices came from overseas, including from Chinese manufacturers that U.S. officials had flagged as cybersecurity threats, WSJ reports. The body-camera manufacturer isn’t named in the complaint but is identifiable as Hangzhou Hikvision Digital Technology, a surveillance company partly owned by the Chinese government.
Arrests: Aventura and seven current and former employees, including the company’s top executives, were charged with counts including money-laundering conspiracy and unlawful importation. Six of the defendants were arrested Thursday morning and appeared in court Thursday afternoon, although they didn’t have to enter pleas; the seventh is expected to surrender Friday. No Chinese companies were listed by name in the complaint, and there was no allegation against the Chinese government or Chinese citizens.
Facebook asks judge not to force it to reveal records. The company said turning over information about an estimated 10,000 apps it suspects mishandled user data could violate attorney-client privilege, Reuters reports. The Massachusetts attorney general requested the records for its investigation of Facebook’s privacy practices. Facebook previously hired a law firm to look into how app developers handled user data and argued this week that the resulting information is protected.