
Ukraine War and Upcoming SEC Rules Push Boards to Sharpen Cyber Oversight

Posted on January 3, 2023 (updated January 4, 2023) by Admin

Corporate boards and cybersecurity leaders are expected to collaborate more closely in the coming year to comply with new regulations and relentless attacks from hackers looking to steal data and disrupt business operations. 

The war in Ukraine, which is stretching both Russian and Ukrainian resources, further elevates cyber risks and remains high on corporate agendas. 

In many companies, the role of cybersecurity officers was elevated at the start of the Covid-19 pandemic when businesses quickly shifted to remote work and the volume of cyberattacks grew, said Lucia Milica, global resident chief information security officer at cybersecurity firm Proofpoint Inc. 

“It was sort of this ‘a-ha’ moment for a lot of boards,” she said.



In 2023, the U.S. Securities and Exchange Commission is expected to complete a proposal to require companies to disclose details about cybersecurity oversight and attacks, including which board members have security expertise. Those rules are “going to focus a lot on increasing board responsibilities,” said Patrick Gaul, executive director of the National Technology Security Coalition, an advocacy group for chief information security officers, or CISOs.

Businesses have received repeated warnings from U.S. government agencies about risks to companies after Russia’s invasion of Ukraine nearly one year ago. There haven’t been any destructive cyberattacks on American companies disclosed in connection to the war, but many CISOs remain wary, Mr. Gaul said. Members discussed the war during several roundtable discussions the coalition held in 2022, he said. 

Marc Hofmann, chief security officer at Finnish bank Nordea Bank Abp, said directors are asking more pointed questions about his work.

They want to know how the bank might defend against a cyberattack from hackers working for a foreign government, he said. Mr. Hofmann and the board have also discussed hypothetical situations such as whether the bank, which mainly operates in northern Europe, needs satellite phones in case communications go down in a particular country, he said. In the past year, he has interacted with directors more frequently than in prior years, he said.

“There’s a mindshift change going on that nobody would be safe from a nation-state attack,” he said.

The war, along with the hybrid work models that have been put in place at many companies as a result of the pandemic, prompted corporate directors to carefully consider how their companies might be exposed to cyber risks, said Andrea Bonime-Blanc, chief executive of GEC Risk Advisory LLC, a New York-based firm that advises boards and executives about cybersecurity and risk management. 

Board awareness of cybersecurity “was already increasing glacially, but I think the Ukraine war has sharpened the minds,” Ms. Bonime-Blanc said. 

Some boards now rate cyber threats on a par with trade wars and supply-chain problems among risks that could have major impact on companies, said Michael Hilb, a professor of corporate governance at the University of Fribourg in Switzerland.

“This had implications about the whole approach. Planning and predictability has changed, how they budget, how they do strategy, is another indirect effect of the war,” he said.

Still, many large companies don’t have board members with significant cyber expertise. Only 1.9%, or 86 of 4,621, board directors representing S&P 500 companies have held relevant professional cybersecurity roles in the past 10 years, according to a WSJ Pro analysis published in November. 

About 34% of directors don’t believe their boards have enough expertise to properly govern cybersecurity, according to a survey of 312 directors by the National Association of Corporate Directors. 

A communication gap between boards and security chiefs means neither side is as effective as needed to govern cybersecurity, said Yael Nagler, chief executive of Yass Partners, a consulting firm focused on aligning security leadership. 

Directors sometimes fail to understand core threats, Ms. Nagler said. “They’re not shy people but when it comes to cyber, they feel like they’re asking dumb questions,” she said. 

CISOs, in turn, often don’t take time to understand the role of a board and the specific experience and knowledge of their directors, she said. Successful CISOs ask directors what they want to know before meetings and follow up afterwards on whether they got what they expected, she said. 

Security leaders “often wait for permission,” she said. “There just isn’t enough dialogue.” 

Write to Catherine Stupp at catherine.stupp@wsj.com and Kim S. Nash at kim.nash@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.


