Readers React: CISO Role After New SEC Rules
Hello, and thank you, readers. You all have a lot to say about the SEC's new cybersecurity rules.
While some of the agency's required disclosures are pretty straightforward, such as describing the board's process for cyber oversight, others are nuanced and open to interpretation, you told us.
One item of interest is the elevated role of corporate cyber chiefs, especially in discussions with senior management and the board about assessing an attack for materiality. This exercise will compel companies to quantify cyber risk in the mix of other business risks. Scroll down for reader comments.
Related: Our article on Wednesday about the tough task of determining whether a cyberattack is material to a company also sparked good conversation.
Also today:
Website attacks on Italian banks
Russia-linked group targets Microsoft 365 users, including government bodies
U.S. House launches probe of recent China-linked email breaches
Funding rounds at Converge Insurance and Cyble
Readers React: SEC's Cyber Disclosure Rules
How do you define what is material about a cyberattack? "This policy should specify the criteria used to assess materiality, such as financial impact, data exposure, legal consequences, and reputational risks. Materiality determinations should be incorporated into incident response tests." — Troy Fine, director of compliance advisory services at Drata, a compliance tech company.
Don't give away too much. The SEC wants more transparency for shareholders, not for hackers. The agency backed off of demands for technical information about cyber programs, as originally proposed. "Disclosures required by the SEC focus on cybersecurity risk management, strategy, and governance rather than providing detailed technical information about a company's security infrastructure useful to threat actors." — Brian Neuhaus, chief technology officer of the Americas unit of tech provider Vectra AI.
Carpe the cyber diem. With scrutiny intense and the stakes raised, CISOs have the attention of top leaders. "Just the issuance of the rules puts an exclamation point on the need for good cyber controls. It gives [CISOs] a megaphone to talk to business executives and make sure the company really is prioritizing good cybersecurity today, and not making it an afterthought. CISOs may find themselves with an expanded budget because the risks are greater." — Danette Edwards, partner and co-chair of securities enforcement defense at law firm Katten Muchin Rosenman.
Pro-Russian hackers claim cyberattacks on Italian banks. Russian-speaking hacker group NoName057(16) said it targeted the website of Italy's Banca Popolare di Bari. The bank's website was down Wednesday afternoon. The group claimed it hit the websites of several other banks, including Intesa Sanpaolo, Italy's largest bank by assets. (MarketWatch)
Russia-linked SolarWinds hackers have used Microsoft 365 to phish government agencies and tech providers. The same group that infiltrated SolarWinds software in a hack disclosed in late 2020, and said to be part of Russian intelligence, has turned its attention to users of Microsoft 365 office systems, Microsoft said. The group, tracked as APT21, is using phishing email posing as tech support staff in a likely espionage campaign, according to Microsoft researchers. Fewer than 40 entities worldwide have been affected, in government, tech, media and manufacturing, as well as non-governmental organizations, Microsoft said. (Bleeping Computer)
- New York-based Converge Insurance has raised $15 million in Series A funding from Forgepoint Capital. Converge offers cyber insurance to small and mid-size companies.
- Cyble, a threat-intelligence company based in Atlanta, raised $24 million in a Series B investment round led by Blackbird Ventures and King River Capital. (Security Week)
Australian lawmakers move to ban Tencent's WeChat app. A ban of Chinese-owned WeChat from devices owned by the federal government would help protect Australia from national-security threats, a senate committee said. If the recommendation proceeds, WeChat would join Bytedance's TikTok as prohibited from government devices. (Associated Press)
- The committee also pushed for fines for X, formerly known as Twitter, as well as Facebook and other social media if they don't disclose more details about how they handle user data and posts.
U.S. lawmakers want briefings by Aug. 9 from Commerce Secretary Gina Raimondo and Secretary of State Antony Blinken on recent email hacks. The House of Representatives Oversight Committee on Wednesday launched an investigation of breaches of federal agencies that have been linked to China. (Reuters)