Security Threats Are Real, Stay Safe
Due to the constant barrage of high-profile data network intrusions (e.g., LinkedIn, Nissan, Global Payment Systems, VeriSign and Subway), many firms have rightly started to focus their efforts on better securing their infrastructure. But are those efforts enough to ward off eager cybercriminals who are deploying far more sophisticated methods to infiltrate business networks? Having solid security controls in place would go far toward addressing most companies’ concerns about mitigating risk. Do you know if your IDS/IPS is working properly?
According to a survey conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations’ computers had been breached at least once by hackers over the past 12 months. Unfortunately for the remaining 10%, it is only a matter of time before they are breached too. Do you think your organization’s valuable information is secure? When was the last time your firm completed an Internal/External Vulnerability Assessment?
Larger companies have Business Continuity Plans (BCP) or Data Recovery Plans (DRP) in place to address the fall-out from unauthorized network intrusions. Additionally, they are financially more capable of absorbing the costs and have more resources at their disposal to pursue the offenders. Thanks to The Syber Group, smaller firms are not without data security options. Staying ahead of the security game can mean the difference between keeping your business moving forward and being stuck trying to recover from the devastation caused by unauthorized hacking attacks, provide breach notifications mandated by law, or regain customers’ goodwill and restore the reputation of your organization.
TSG
Hacked Companies Still Not Alerting Investors
February 9, 2012 by admin
At least a half-dozen major U.S. companies whose computer networks have been breached by cyber criminals or international spies have not admitted to the incidents despite new guidance from securities regulators urging such disclosures.
Top U.S. cybersecurity officials believe corporate hacking is widespread, and the Securities and Exchange Commission issued a lengthy “guidance” document on October 13 outlining how and when publicly traded companies should report hacking incidents and cybersecurity risk.
But with one full quarter having elapsed since the SEC request, some major companies that are known to have had significant digital security breaches have said nothing about the incidents in their regulatory filings.
Defense contractor Lockheed Martin Corp, for example, said last May that it had fended off a “significant and tenacious” cyber attack on its networks. But Lockheed’s most recent 10-Q quarterly filing, like its filing for the period that included the attack, does not even list hacking as a generic risk, let alone state that it has been targeted.
A Reuters review of more than 2,000 filings since the SEC guidance found some companies, including Internet infrastructure company VeriSign Inc and credit card and debit card transaction processor VeriFone Systems Inc, revealed significant new information about hacking incidents.
Yet the vast majority of companies addressing the issue only used new boilerplate language to describe a general risk. Some hacking victims did not even do that.