Tag Archives: NYSE

Security News for the Week Ending January 8, 2021

Britain Says Assange Cannot be Extradited

Julian Assange, a longtime thorn in the backside of some folks in the US government, cannot be extradited to the US, a British court says. The court said that while he probably can get a fair trial in the US, the court system in the US is unlikely to stop him from committing suicide (a la Jeffrey Epstein, another very high profile prisoner). The US is expected to appeal. Credit: Cybernews

Covid Stimulus Bill and UFOs

The first question is why? And the answer is Congress. Buried deep in the Covid stimulus bill is the Intelligence Authorization Act, which mandates that the Pentagon release a report on its UFO task force. Stay tuned. Credit: Vice

New York Stock Exchange Changes Mind About Delisting Chinese Stocks

After the NYSE said it was going to delist 3 Chinese telecom stocks because the President said they were tied to the Chinese government/military, they suddenly changed their mind. They said that they made the decision after consulting with their regulators. Not sure what this means in the long term, but it might mean that the DoJ thinks the President is on shaky ground legally in doing that and rather than get sued, they are going to let it play out in the courts. Credit: Cybernews

Right after this happened, the exchange got a call from Secretary Mnuchin and, apparently, he changed their mind. Again. So now they do plan to delist these stocks. Until they change their mind again. This is really a symbolic move since only about 2% of their shares go through the NYSE. Credit: ZDNet

Hackers Use Fake Trump Scandal Video to Load Malware

Want to see a (purported) Trump sex scandal video? Well, ignoring your thoughts on the subject, the email is just clickbait. If you fall for the bait and click, the malware will install a Remote Access Trojan or RAT on your computer, allowing the hacker to connect to your computer and rummage through (and steal) all your stuff. They could, in addition, deposit some ransomware when they are done, so no matter how curious you might be, don’t click. Credit: Hacker News

Nissan Seems to Have Lost Control of their Source Code

A car is not only a vehicle these days, but also a computer on wheels. More accurately, probably a hundred computers on wheels, plus a bunch of server software plus some mobile apps plus. You get the idea. So one might expect that you would protect that. Nissan did; with Userid:admin and Password:admin. A bit of a problem and it may even be difficult for Nissan to sue because they didn’t take reasonable care. Credit: SC Magazine

What The Boardroom Thinks About Data Breach Liability

The New York Stock Exchange and Veracode surveyed 276 board directors or senior execs of publicly traded companies on the subject of data breach liability and I find the results interesting.

It is important to understand that these are very large companies and when it comes to cyber risk, they are likely at the top of the learning curve.  Still, what they think today is likely what the rest of the companies will think in a few years.

That said, here are some of the results:

  1. 90% believe that regulators should hold companies liable for breaches if they didn’t properly secure their data.  This answer really hinges on the definition of “properly”.  Still, these board members are not trying to get out of their responsibility, which I think is great.
  2. 90% also think that third party software providers should be held liable for vulnerabilities in their code.  While this sort of tracks with #1 above, if you are a software vendor and sell to big companies, I would worry about this.  If what this means is that they want you to fix the bug, that is not a big deal.  If what it means is that they want you to pay for the breach if the attackers got in due to a bug in your software, that is a BIG problem.
  3. 65% say that they either have already or are planning to include liability clauses in their contracts with software suppliers.  If you are a software vendor, this could dramatically affect your business and would likely change what cyber liability coverages you buy and at what amount and indirectly, your cost of doing business.
  4. When it comes to cyber insurance, 91% have some form of insurance including business interruption and data restoration.  54% have coverage for fines, breach notification and extortion.  35% say they want coverage for software coding and human error when it leads to a breach.  This last coverage is not well defined yet and could be expensive.
  5. 52% say they are buying employee or insider threat coverage.  This is smart because a goodly percentage of breaches are due to acts of omission or commission by insiders.

What is unclear at this point is what the regulators and insurance companies are going to demand.  Companies can wait for the regulators (like the very detailed proposed rules from the NYDFS) or companies can get ahead of the power curve.

What seems clear is that with insurance companies beginning to raise premiums and deductibles significantly (premiums in retail went up 32% in the first half of 2015; Anthem had to accept a $25 million deductible when they renewed their insurance this year), what is next is insurance companies examining business practices much more closely before granting or renewing coverage – some carriers have already started doing this.

Businesses have two choices – wait and hope they can scramble fast enough when the regulators or insurance carriers call on them or get ahead of the power curve – the choice is a business decision that may impact the future of the company. Big NYSE companies can afford to hire experts when this happens and pay them $50 million to get their tushes out of a crack. For smaller companies, even if that bill scales down to $5 million, it might be a problem. And, even if you spend the money, the inside resources that are needed to execute these plans will likely be significant.

Interesting food for thought.

Information for this post came from Dark Reading.

NYSE Releases Free eBook On Cyber Risk

The New York Stock Exchange, in partnership with Palo Alto Networks, 40+ authors and The Security Roundtable, has published a free eBook entitled Navigating The Digital Age: The Definitive Cybersecurity Guide for Directors and Officers.

While some might argue about the hyperbole surrounding calling it THE DEFINITIVE GUIDE, it does provide a lot of information for Directors and Officers willing to read its 350+ pages.

The book is organized as a collection of articles, each written and sponsored by an organization such as The Chertoff Group (Michael Chertoff was a former Secretary of the Department Of Homeland Security), The World Economic Forum, Fish & Richardson (Gus Coldebella was General Counsel at DHS). There are articles contributed by Booz Allen Hamilton, The Department of Justice, a variety of law firms, NYSE itself and others.

By virtue of the fact that it is written as a collection of articles, the reader can skip around without losing the plot – since there is none.  It can also be used as a reference source.

The book is free and available here.