learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

Rachel Wilson: Cyber Cop at Morgan Stanley Wealth Management

2019-10-31

Barron's: Wilson would grow up to lead first the National Security Agency’s counterterrorism mission, and later its cyber-exploitation mission. Currently Morgan Stanley Wealth Management’s cybersecurity chief, Wilson talks with Barron’s Advisor about how fraudsters are trying to gain an edge in data theft and how advisors can stay a step ahead. And she reveals how a bunch of cybercriminals “in a basement somewhere in Tehran” drew her to Wall Street.

Read more...

Chinese Hackers Intercepted Text Messages, Says Cybersecurity Firm

2019-10-31

Independent.IE: Chinese hackers with a history of state-sponsored espionage have intercepted the text messages of thousands of foreigners in a targeted campaign that planted eavesdropping software on a telecommunications provider’s servers, a cybersecurity firm has said.

Read more...

Willis Towers Watson Launches Innovative New Cyber Policies for Clients

2019-10-30

Global News Wire: Willis Towers Watson (NASDAQ: WLTW), a leading global advisory, broking and solutions company, has launched three new cyber insurance policies for clients across the U.S., Canada, the U.K. and Western Europe. The policies provide innovative, tailored solutions for large enterprise and mid-market clients, enabling them to fully assess, protect and recover losses related to cyber risk. 

Read more...

The Future of Cybersecurity VC Investing with Lightspeed's Arif Janmohamed

2019-10-29

Tech Crunch: There are two types of enterprise startups: those that create value and those that protect value. Cybersecurity is most definitely part of the latter group, and as a vertical, it has sprawled the past few years as the scale of attacks on companies, organizations, and governments has continuously expanded.

Read more...

Cyber Attack on Asia Ports Could Cost $110 Billion: Lloyd's

2019-10-29

Reuters: A cyber attack on Asian ports could cost as much as $110 billion, or half the total global loss from natural catastrophes in 2018, a Lloyd’s of London-backed report said.

Read more...

Cybersecurity Trumps Political, Reputational Concerns for Companies

2019-10-29

Dark Reading: According to its annual "State of Enterprise Risk Management" report, ISACA found that 29% of the 4,625 risk managers polled identify cybersecurity at the top threat to their business, while 15% consider reputational risks and 13% name financial dangers as most critical...

Read more...

UniCredit Reveals Data Breach Exposing 3 Million Customer Records

2019-10-28

ZDNet: In total, roughly three million records were exposed, revealing the names, telephone numbers, email addresses, and cities where clients were registered. 

Read more...

Know Your Breach: Imperva

The target: Imperva, cyber-security firm based out of California.

The take: A complete copy of their customer information database.

The attack vector: Imperva uploaded a snapshot of its customer database for testing. However, in an unrelated incident, they left one of their internal systems publicly accessible on the internet from which the attacker stole key to the recently uploaded database. Using the key, the hacker was able to download a copy of the customer information.

After Imperva adopted cloud technologies to scale their infrastructure to meet increasing needs, they failed to account for the increased risk of this strategy. Cyber-security diligence applies at all levels of scale including times of expansion and investment in new technology.

Read more...

Police Database Flagged 9,000 Cybercrime Reports as 'Security Risk'

2019-10-24

The Guardian: Thousands of reports of cybercrime were quarantined on a police database instead of being investigated because software designed to protect the computer system labelled them a security risk.

Read more...

61% of Business Leaders Think Hackers Are Winning War Against Cyber Crime… and Many Are Ignoring the Problem, Reveals RSM Study

2019-10-24

Cision: A pan European survey of almost 600 successful businesses* has revealed that 61% of business leaders on the board of their company believe that in the war against cybercrime the hackers are more sophisticated than the software developers. 

Read more...

Cyber Attack Hits Prominent HedgeFund, Endowment, and Foundation

2019-10-24

Institutional Investor: Hackers breached the official email accounts of investment executives at the Kansas University endowment and Community Foundation of Texas late last month. This week, attackers hit hedge fund Arena Investors, sending a malicious phishing email from its chief operating officer’s address.

Read more...

Temasek Flags Challenges of Investing in Cybersecurity

2019-10-24

Asian Investor: With cybersecurity challenges set to keep mounting, investing into the area seems a sensible move, not least because it offers asset owners a potential inside track to protecting themselves.

But Asia-based investors looking to do so face several hurdles, in addition to the high current valuations, something Singapore state investor Temasek is well aware of.

**Article may require free sign-in to read**

Read more...

The NCSC Defends Nation Against More Than 600 Cyber Attacks

2019-10-23

NCSC: The National Cyber Security Centre (NCSC) has defended the UK against more than 600 cyber attacks in the past year – bringing the total number to almost 1,800, new figures show.

Read more...

Europol and Palo Alto Networks Expand Their Cooperation in Tackling Cybercrime

2019-10-23

Europol: Europol and Palo Alto Networks have signed a Memorandum of Understanding (MoU) to expand their collaborative efforts in combating cybercrime and working together to make cyberspace safer for citizens, businesses and governments.

Read more...

Thwarting Cybersecurity Attacks Depends on Strategic, Third-Party Investments

2019-10-22

Homeland Security News Wire: Companies interested in protecting themselves and their customers from cyber-attacks need to invest in themselves and the vendors that handle their data, according to new research from American University.

Read more...

Know Your Breach: FireEye

The target: FireEye, a publicly traded cybersecurity company in California.

The take: Corporate documents, details on client contracts and licenses, and personal login credentials.

The attack vector: Attackers used credentials exposed in public data breaches to access the personal accounts of a security analyst employed by FireEye. Once his accounts had been compromised, they were able to exploit his business use of those personal accounts to obtain sensitive information belonging to his employer.

On an individual level – this attacks highlights the importance of changing passwords and rotating credentials, particularly in the wake of a publicized credential breach. At the firm level - once confidential and sensitive information leaves a firm’s information systems, it’s completely outside of their control. Security policies must reflect zero tolerance for use of personal accounts to communicate on behalf of the firm or store/transfer sensitive and proprietary information.

Read more...

Why it Pays Asset Owners to Invest in Cybersecurity

2019-10-17

Asian Investor: Cyber criminals continue to develop a variety of smart tools to plot hacking schemes and data breaches in today’s intricately connected digital world, in which almost everyone’s data is stored, processed and accumulated. Anybody can become a target.

**Article may require free sign-in to read**

Read more...

Cybersecurity: Why Your Suppliers Are Still Your Weakest Link

2019-10-16

ZDNet: Ensuring an organisations suppliers and supply chain are well protected is now one of the key features of cybersecurity strategy because your company's defences rely on suppliers further down the chain.

Read more...

Quarter of UK Pension Schemes Unprepared for Cyber Attack: Aon

2019-10-16

Reinsurance News: While 95% of respondents to Aon’s Global Pension Risk Survey 2019 said their schemes had not been affected by cybercrime, a handful confirmed that they had been, and analysts expect this number to increase.

Read more...

UBF and SWIFT Collaborate to Combat Cyberattacks on UAE Banking Industry

2019-10-14

Gulf News: SWIFT is the leading provider of secure financial messaging services. SWIFT CSP is an initiative aimed at reinforcing the overall security of the global banking system by improving information sharing throughout the community, enhancing SWIFT-related tools for customers, sharing best practices for fraud detection and enhancing support by third party providers.

Read more...

JPMorgan-backed Cybersecurity Firm Eyes Aussie Banks

2019-10-14

Financial Review: The cybersecurity company will open offices in Sydney and Melbourne with a starting presence of five full-time employees, led by former Symantec and Linksys executive Stephanie Boo, the firm's Asia-Pacific managing director.

Read more...

Thoma Bravo to Buy Sophos for $3.9 Billion

2019-10-14

ZDNet: It is unclear how today's Sophos acquisition will impact plans to buy McAfee, but the two companies -- Sophos and McAfee -- are classic rivals on the cyber-security market and share a product portfolio, so the door seems to have closed on the McAfee deal.

Read more...

Cyberattacks Now Cost Small Companies $200,000 on Average, Putting Many Out of Business

2019-10-13

CNBC: With 43% of online attacks now aimed at small businesses, a favorite target of high-tech villains, yet only 14% prepared to defend themselves, owners increasingly need to start making high-tech security a top priority, according to network security leaders.

Read more...

Know Your Breach: Malindo Air

The target: Malindo Air, a Malaysian subsidiary of Indonesia’s Lion Group

The take: Approx. 35 million passenger records, including names, emails, addresses, passport numbers/expiration dates.

The attack vector: Two former employees of a subcontracted e-commerce provider were identified as having “improperly accessed and stole the personal data of our customers.” Malindo Air reiterated that their external controls were not breached and that “services and infrastructure worked as designed and were not compromised in any way.”

Malicious insiders are unfortunately common sources of data breaches, and internal controls and oversight must be put in place to ensure that data is being handled appropriately by both direct employees and subcontracted staff.

Read more...

Real Estate Sector Urged to Change Attitude Towards Cyber-attacks

2019-10-10

Property Funds World: A survey commissioned by Drooms, a provider of secure cloud solutions, found more than two in five (41 per cent) real estate professionals in Europe believe their industry is unprepared to deal with cyber-attacks.

Read more...

Cyber Insurers are Getting Craftier to Avoid Data-breach Payouts

2019-10-09

CSO: With volumes of cybersecurity insurance claims surging, businesses need to be more careful than ever about what their policies do and don’t cover, according to an academic who warned that insurers are becoming more mercenary in their interpretations of cyber events.

Read more...

Tripwire Survey: 93% of Cybersecurity Professionals Concerned About Cyberattacks Shutting Down Operations

2019-10-08

Business Wire: Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a survey examining how organizations are addressing industrial control system (ICS) cyber threats.

Read more...

France Warns of Cyberattacks Against Service Providers and Engineering Offices

2019-10-08

ZDNet: "Attackers are compromising these enterprise networks in order to access data and eventually the networks of their clients," the National Cybersecurity Agency of France, known locally as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), said in a technical report.

Read more...

Client Retention, Cybersecurity are Big Concerns for Advisers – Survey

2019-10-08

Pensions & Investments: In the survey of 531 retirement plan advisers at the NAPA 401(k) Summit in April, 35% of respondents ranked the issue of client retention "very important" compared with 24% the previous year when NAPA first conducted the survey. Thirty-five percent also ranked cybersecurity as very important. Cybersecurity was not included as an option in the 2018 survey.

Read more...

U.S. Companies Unaware of EU Cybersecurity Regulations

2019-10-07

Forbes: U.S. companies have been abuzz about compliance requirements with the European Union’s (EU) Global Data Protection Regulation (GDPR), which became effective May 25, 2018. The GDPR was so scary because the enforcement provisions allowed fines up to 2-4% of total global turnover.

Read more...

UK Energy Boss Conned out of £200,000 in ‘Deep Fake’ Fraud

2019-10-06

City A.M.: The UK boss of an unnamed energy firm was tricked into transferring the money following a phone call from that appeared to come from his boss at the German parent company, the Mail on Sunday reported.

Read more...

Know Your Breach: Philips Capital Inc

The target: Philips Capital Inc, a Chicago-based brokerage firm.

The take: $1 million USD from a client account.

The attack vector: Attackers gained access to internal systems via a successful phishing attempt and impersonated a client of the firm using information they’d gained from reviewing past e-mail correspondences. Gaps in disbursement procedures allowed a requested wire transfer to an unknown bank account to be approved and processed.

While technical controls can protect against cyber-attacks, they cannot always compensate for gaps in procedure and a failure to think critically.

Read more...

Sberbank Hit by Huge Data Breach

2019-10-03

The Moscow Times: The personal details of millions of Sberbank customers may have been leaked, in what would be the largest-ever data breach in Russian banking, according to cyber security experts.

Analysts at cybersecurity firm DeviceLock found personal information relating to up to 60 million Sberbank credit card holders for sale on the black market. They were able to analyse the data of around 200 supposed customers — provided to them by the seller — and verified their authenticity. 

Read more...

Israeli Firm Traces Cyberattacks on Egyptian Activists to Cairo Government

2019-10-03

The Times of Israel: A leading Israeli cybersecurity company found that a series of cyberattacks against Egyptian journalists, academics, opposition politicians and rights activists was likely perpetrated by the Egyptian government.

Read more...

Align Awarded Best Cybersecurity Services Provider for Hedge Funds for Second Consecutive Year

2019-10-02

Business Wire: The accolade is based on an online peer-review survey in which investors, hedge fund managers and service providers are invited to elect a “best in class” in a variety of categories. The recognition comes on the heels of Align ranking 122 on the Top 200 Managed Security Services Providers (MSSPs) of 2019. The firm was also highly commended for “Best Use of Cloud Technology” in the HFM US Service Awards.

Read more...

Inside a Massive Cyber Hack that Risks Compromising Leaders Across the Globe

2019-10-02

ABC News: One email was all it took for hackers to steal some of the most personal information from people potentially now in high-ranking roles across the globe.

The cyber attack was so sophisticated it didn’t even need the person to click on a link or open a document to compromise decades worth of private information.

Read more...

Financial Crime and Fraud in the Age of Cybersecurity

2019-10

McKinsey: In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on anti–money laundering (AML) controls alone in 2017. The crimes themselves, detected and undetected, have become more numerous and costly than ever. In a widely cited estimate, for every dollar of fraud institutions lose nearly three dollars, once associated costs are added to the fraud loss itself.

Read more...

MAS Highlights the Need to Manage Cyber Risks

2019-10-02

Hubbis: The first key observation raised by the discussion was the acknowledgement of the potential for poor risk culture to contribute to occurrences of cyber incidents. Members of the Cyber Security Advisory Panel (CSAP) advised that the board and senior management of financial institutions should set clear expectations for cyber risk culture, and subsequently monitoring and assessing how well the desired risk management culture is operating across the organisation.

Read more...

BoE’s Williams: Banks' Third Party Cybersecurity Worries Growing

2019-09-27

Bob's Guide: On May 14, BoE’s director of supervisory risk specialists, Nick Strange gave a progress report on operational resilience, and announced that the Financial Policy Committee (FPC) would have an upcoming stress testing pilot on payment systems.

Read more...