Cyber and the board | Norman Marks on Governance, Risk Management, and Audit

There’s an interesting article in the Harvard Law School Forum on Corporate Governance and Financial Regulation, What the Capital One Hack Means for Boards of Directors, with insights that merit the attention of risk, cyber, audit, and governance practitioners.

Much of the article is useful background information for board members, in particular the discussion on how hackers penetrate third parties (or fourth parties) as a way of gaining access to your network and its systems and data.

Here are some other interesting comments:

  • …vendors, partners, business associates, and other third parties whose outsourced operations become integrated within a company, can pose a challenging and existential cybersecurity threat to operations. Yet despite increased regulatory scrutiny; growing virtual threats at a global, national and state level; and a riskier business environment, most experts would attest that the relative maturity level of vendor risk management programs is still lacking.
  • …digital interconnectivity between vendor and customer creates an inherent risk as cybersecurity shortcomings of third-party vendors have become the go-to attack vector for cybercriminals. In fact, PWC reports that 63% of all cyber-attacks could be traced either directly or indirectly…
