SEC == Security

 

CF Disclosure Guidance: Topic No. 2 – Cybersecurity

600px-US-SecuritiesAndExchangeCommission-Seal_svg_-325x325I would have completely missed this if it wasn’t for a colleague who spotted it; she described it as “This is the single largest announcement in cyber security in 10 years”…

And she is right to do so; this fundamentally changes the behaviour of companies in relationship to security.

By getting companies to report incidents and assert a value associated with the loss it puts Cyber Security on the agenda of the board, which is where it should have been for the last decade at least.

It enables investors to make choices based upon reported incidents, and determine if a company is a wise investment as a result in comparison to it’s peers. 

Well done SEC… now maybe the customers will do security updates in a timely fashion, and take user education about security seriously as an investment in investor confidence. 

sir_infographic_poster_MM_v11_updateIt will be interesting to see how they report and what mitigations they start to take; in our latest Security Intelligence Report we note that of the most common attacks we see most do not use an 0-day and can be mitigated with simple maintenance and that just under half require some level of user interaction, hopefully this will put both of patch management and user training on the board agenda of all publically traded companies. 

Advertisements

2 Responses to “SEC == Security”

  1. Colin Robbins Says:

    Stuart, I agree with the post apart from the last 3 words. I would delete “publically traded”. I accept the article is about SEC regulated companies, but all companies, big/small, public/private need to heed the advice. We are starting to see government procurement insist on good practice in the supply chain, maybe the SEC regulation could encourage such behaviour too, in addition to ‘get your own house in order’.

  2. Colin, I agree with you I hope that is the outcome, “a journey of thousand miles begins with a single step”… and all that…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: