COVID‑19: Views on the crisis through a cyber-financial lens
Cyber governance performance is a key factor in determining how companies will manage through the crisis. Cyberhedge’s premium research on industries and companies impacted the most is available for all to read.
US Department of Justice calls for mandatory data breach reporting
At a hearing on March 4 before the U. S. Senate Judiciary Committee, Department of Justice (DoJ) Deputy Assistant Attorney General for National Asset Protection in the National Security Division Adam Hickey called upon Congress to enact legislation that would create a uniform nationwide data breach disclosure law and include a requirement that companies report breaches not just to customers but also to law enforcement.
Absence of ceasefire by ransomware hackers towards the healthcare industry means providers still need to maintain focus on cyber to reduce risk of additional shocks
Ransomware attacks on the healthcare industry continue at the same frequency as before Covid-19, despite recent promises by some hacker groups to avoid targeting the industry during the current crisis.
Corporate bond downgrades increase financial constraints on companies needing to improve cyber governance
A Wall Street Journal article outlined the accelerated pace of corporate bond downgrades amidst the Covid-19 pandemic and economic crisis. It has been the swiftest pace of downgrades on record over the last two weeks. Ford was the latest big name to be downgraded to junk, while approximately $90bn of debt was downgraded in March, and some estimate the number to reach $200bn this year.
Benefits of company digital tools like Zoom come with cyber and financial risks
As Zoom’s popularity has exponentially increased in recent weeks due to the mass migration to remote work, reports on security flaws continue to trickle out. Former NSA hacker Patrick Wardle shared with TechCruch two new security flaws that can be exploited to grant hackers physical control of a victim’s computer. Malicious code can be injected into a computer via a Zoom installer to gain root access — the highest level of user privileges.
Enterprise VPN and RDP use soars as COVID‑19‑driven remote work increases breach risks
Enterprise use of VPNs has increased by 33 percent, and use of Remote Desktop Protocols (RDP) has increased by about 40 percent over the past month as companies respond to COVID‑19 by having employees work from home. These systems increase the risk of a breach of company IT systems as they are inherently less protected than onsite systems and as employees use external access systems that they are less familiar with.
Macy’s e-commerce business has gone from rare nice growth story to a lifeline for a company fighting to survive in face of COVID‑19
Macy’s announced it is furloughing a majority of its 130,000 staff globally in the midst of the COVID‑19 crisis that has ground brick-and-mortar retail to a halt. Staff that remain will maintain e-commerce, distribution, and call centers operations.
Marriott customer data breach is a continuation of a concerning trend for the world’s largest hotel chain, which lacks the financial capacity to fix what is a structural problem, not a one-off incident.
Update to Cyber Governance Alert:Hertz
COVID-19-related travel disruptions are having a material impact on Hertz’s (HTZ’s) operations and financial position, as well as an increased likelihood of an operational problem related to its poor cyber governance.
A cyber attack stopped Travelex’s operations. It never fully recovered due to lack of cash to respond. The COVID-19 pandemic will weaken many companies’ cash positions in the coming months, also resulting in an inability to adequately respond to cyber attacks.
Companies face increased IT threats from targeted COVID‑19‑themed phishing attacks
The unprecedented challenges posed by the COVID‑19 outbreak extend to securing companies’ IT networks, and this event may be the biggest cybersecurity threat ever. Threat surfaces are also increasing dramatically as large numbers of workers are forced to work from home, often with systems and procedures that are different from those they are trained on and familiar with in their workplace.