Cyber governance performance is a key factor in determining how companies will manage through the crisis. Cyberhedge’s premium research on industries and companies impacted the most is available for all to read.
Macy’s announced a $1.1 billion bond sale to help shore-up the struggling retailers balance sheet as it navigates the COVID‑19 shutdown. The fresh injection of capital is needed to pay down short term debt maturing in January 2021 and fund operations in the immediate term.
Read full articleData from 30m McAfee MVISION Cloud users worldwide between January and April 2020 show external attacks by hackers on companies’ cloud-based systems have increased 630 percent following the mass migration to work from home. Overall enterprise use of cloud services has increased by 50 percent over the same time period. Use of Cisco Webex has increased 600 percent, Zoom by 350 percent, Microsoft Teams by 300 percent and Slack by 200 percent. Attacks by ‘insider threat’ categories (i. e. employees working from home) have remained the same, indicating that employees do not ‘attempt to steal more data because they are working from home’.
Read full articleA WSJ article chronicled how HTZ was struggling long before COVID‑19, including reference to its belated digital shift relative to peers and repeated missteps with regard to its digital strategy. This reportedly included adverse impacts on fleet management while it cycled through four CEOs in less than 10 years.
Read full articleBritish low-cost carrier EasyJet (EZJ) disclosed a customer data breach that the company says impacted 9 million customers. A majority of the data stolen was reportedly email and physical addresses, but a smaller percentage of customers reportedly had credit card details stolen. EZJ first became aware of the breach in January.
Read full articleCompanies are struggling with increasing compliance burdens that are taking up significant portions of corporate IT budgets and time. 51 percent of respondents report that compliance requirements take up 20,000 hours of resources annually. In addition, 58 percent of companies report that compliance requirements are a barrier to entering new markets. 70 percent say they must manage at least five different compliance projects at any given time, while 7 percent work on 50 or more projects at any given time.
Read full article
A well-managed company overall, FERG has executed effectively on its digital strategy and invested sufficiently in security to manage the downside financial risks associated with its increased digitization. Strong execution on e-Commerce, its customer sales and maintenance and back-end operations has yielded tangible benefits to the business, helping management deliver on key KPIs including solid margins. This has contributed to FERG’s 4-Star cyber governance rating (out of 5) on a regional basis and 5-Star rating on a relative basis among European industrials.
A NYT Times story explains how the fall of two retail giants—J. Crew and Neiman Marcus stemmed not only from the pandemic but also from the involvement of private equity firms and the financial over-engineering they deployed. The longstanding weaknesses of some traditional bricks and mortar retailers which include belated or poorly executed digital strategies are also directly related to an inability to make big investments due to being overleveraged. These weaknesses were further exposed by the pandemic, resulting in the recent bankruptcy filings.
Read full articleVulnerabilities in SaltStack software were used as a vector to infect cloud servers with malware or other exploits, with over 6,000 master servers reportedly infected and directly exposed to the internet according to the company, allowing them to be breached. The vulnerabilities were discovered about two weeks ago, and several networks have already reported that they have been breached and had cryptocurrency mining malware deployed onto their servers. More damaging attacks such as data theft and ransomware are possible. A patch is now available for the vulnerability.
Read full articlePitney Bowes Inc. (PBI) experienced a second ransomware attack in seven months on May 4th. The ransomware gang Maze claimed to have breached and encrypted the company’s network. The incident was confirmed by PBI in a statement: “Recently, we detected a security incident related to a ransomware attack. We are investigating the scope of the attack, specifically the type of data that had been accessed, which appears to be limited.” PBI is working with its security partner IBM Iris to complete forensic analysis on the attack.
Read full articleCiting a recent report by market research firm Canalys, the WSJ depicts a mixed picture on market-wide digital transformation prospects. Though Microsoft’s year-on-year enterprise cloud growth grabbed headlines, also included in results was the company’s admission that multi-year licensing deals were slow to complete in the final weeks of the quarter —just as the COVID‑19-induced slowdown was taking hold. Some analysts see a positive long-term trend towards digital being brought forward by the pandemic. Others see a slowdown in IT spend and longer-term licensing commitments and investment in cloud initiatives like further AI adoption in the short term as companies scramble to cut costs.
Read full article
In the wake of COVID‑19 and the global lockdown, IWG has lost two-thirds of its market value in the span of two weeks. Though it was considered to be in a strong position to take advantage of WeWork’s financial governance failure heading into 2020, the Cyberhedge cyber-financial model alerted us to the potentially negative impact of its weak cyber governance prior to the current market troubles.
A survey by Barracuda of over 1,000 business decision makers in the UK, US, France and Germany reveals significant cyber security deterioration from the recent sudden shift to remote working. 51 percent have seen an increase in email fishing attacks, 51 percent say their workforce is not proficient or properly trained in the cyber risks associated with remote working, 46 percent are not confident that their web applications are secure, 50 percent allow employees to use personal email addresses and personal devices to conduct company work, 49 percent fully expect to see a data breach or cybersecurity incident in the next month due to remote working. Despite this clear increase in the threat surface, 40 percent of the companies have cut their cybersecurity budgets as part of COVID‑19 cost saving measures.
Read full articleFitch expects COVID‑19 related economic impacts to test the growing cyber insurance market due to risks around cloud-related breaches and other operational disruptions that could result in capital constraints and impact ratings.
Read full article“We’ve seen two years’ worth of digital transformation in two months. From remote teamwork and learning, to sales and customer service, to critical cloud infrastructure and security—we are working alongside customers every day to help them adapt and stay open for business in a world of remote everything,” said Satya Nadella, chief executive officer of Microsoft on the announcement of strong Q3 results today.
Read full articleTravelex announced that it is seeking offers and that interested parties should contact PricewaterhouseCoopers. Travelex’s business was severely impacted by its December 2019 cyber breach, which put the company in a very difficult financial position even before COVID‑19 disruptions hit.
Read full articleA WSJ report outlined how increased cyber risks amid COVID‑19 are posing increased challenges for M&A transactions globally.
Read full articleA survey of 2,000 remote workers in the UK reveals that two-thirds have not received cybersecurity training over the past year, and 61 percent said they were using personal devices to work remotely instead of corporate-issued devices. Despite these shortcomings, 77 percent reported that they are not worried about security while working from home.
Read full articleA recently published Trustwave report looking at cybercrime globally found that far and away the most common environment breached is corporate and internal IT networks (54%), followed by ecommerce (22%) and the cloud (20%). In the thousands of incidents studied, the report found that 50% of breaches across all environments stemmed from phishing and social engineering.
Read full article
Ryanair entered 2020 in decent financial shape relative to other low cost airlines. But in addition to the COVID‑19 disruption, poor cyber governance poses a risk to the company’s industry-leading operating margins, the key enabler for RYA’s aggressive pricing and thus market share growth post-COVID‑19.
Zurich Insurance outlined how companies can defend against ransomware at a time when cyber vulnerabilities have increased amidst the COVID‑19-induced shift to remote work. The approach leverages the NIST framework, widely seen as the global standard for improving cyber defense.
Read full articleMSC reported Friday that a network outage is affecting systems at its Geneva headquarters, and that a cyber attack might be responsible. As of Tuesday 16:00 GMT, the MSC website is still down and the company has released very little new information. General operations appear not to be widely impacted yet, but precedent shows that an operational disruption can be extremely value destructive to a company like MSC.
Read full articleAt a hearing on March 4 before the U. S. Senate Judiciary Committee, Department of Justice (DoJ) Deputy Assistant Attorney General for National Asset Protection in the National Security Division Adam Hickey called upon Congress to enact legislation that would create a uniform nationwide data breach disclosure law and include a requirement that companies report breaches not just to customers but also to law enforcement.
Read full articleRansomware attacks on the healthcare industry continue at the same frequency as before COVID‑19, despite recent promises by some hacker groups to avoid targeting the industry during the current crisis.
Read full articleA Wall Street Journal article outlined the accelerated pace of corporate bond downgrades amidst the COVID‑19 pandemic and economic crisis. It has been the swiftest pace of downgrades on record over the last two weeks. Ford was the latest big name to be downgraded to junk, while approximately $90bn of debt was downgraded in March, and some estimate the number to reach $200bn this year.
Read full articleAs Zoom’s popularity has exponentially increased in recent weeks due to the mass migration to remote work, reports on security flaws continue to trickle out. Former NSA hacker Patrick Wardle shared with TechCruch two new security flaws that can be exploited to grant hackers physical control of a victim’s computer. Malicious code can be injected into a computer via a Zoom installer to gain root access—the highest level of user privileges.
Read full articleEnterprise use of VPNs has increased by 33 percent, and use of Remote Desktop Protocols (RDP) has increased by about 40 percent over the past month as companies respond to COVID‑19 by having employees work from home. These systems increase the risk of a breach of company IT systems as they are inherently less protected than onsite systems and as employees use external access systems that they are less familiar with.
Read full articleMacy’s announced it is furloughing a majority of its 130,000 staff globally in the midst of the COVID‑19 crisis that has ground brick-and-mortar retail to a halt. Staff that remain will maintain e-commerce, distribution, and call centers operations.
Read full article
Marriott customer data breach is a continuation of a concerning trend for the world’s largest hotel chain, which lacks the financial capacity to fix what is a structural problem, not a one-off incident.
COVID-19-related travel disruptions are having a material impact on Hertz’s (HTZ’s) operations and financial position, as well as an increased likelihood of an operational problem related to its poor cyber governance.
COVID-19 disruptions to travel and global business operations are having a significant negative impact on Informa’s (INF’s) core customer events business and its financial position.
A cyber attack stopped Travelex’s operations. It never fully recovered due to lack of cash to respond. The COVID-19 pandemic will weaken many companies’ cash positions in the coming months, also resulting in an inability to adequately respond to cyber attacks.
The unprecedented challenges posed by the COVID‑19 outbreak extend to securing companies’ IT networks, and this event may be the biggest cybersecurity threat ever. Threat surfaces are also increasing dramatically as large numbers of workers are forced to work from home, often with systems and procedures that are different from those they are trained on and familiar with in their workplace.
Read full article
Read more
Read more