Connect with us

Latest

Economy

Russia

Cybersecurity has never been more important to Russian companies

As the digital world and the commercial realm of bricks and mortar industry inexorably grow together through e-Commerce as well as the many paths opened via blockchain, the responsibilities of business management are rapidly changing through this evolution.

Published

on

385 Views

Russia has only recently finally codified and set out standards for corporate governance, transparency and paths to market trust. These past several years has also added a further fast developing area of concern, which is cyber risk, that today has become a major board responsibility and issue for both public and private companies.

Serving on and advising several Russian boards of directors over the years this has become ever more urgent, especially in the boardrooms. Business risk(s) are obviously a key factor to try to manage wherever on the planet one does business. One clear indication of how seriously this is taken is the rapid growth of budget allocations specific to getting a managed grip on cyber risks and cyber security.

Some companies place these responsibilities in the hands of risk management departments or similar, usually within the purview of an IT department, and that box was thereby ticked for better or for worse. Others push money at the challenge by retaining the services of a Dr. Web, Kaspersky, the Secret Studio and similar. Others may buy all sorts of cyber insurance mistakenly believing this will keep risks at bay, as insurers should/will recommend actions needed to qualify for comprehensive cover. The easy attitudes have changed, and ticking boxes, like passing the buck, will no longer suffice.

One of the challenges, among several, is the distance and differences in the understanding of the digital world and its language as opposed to the understanding of business, industry and the language of commerce. It was and to varying degrees still is a digital cultural divide at the general management and board level. With the blockchain and outgrowth applications in Fintech and elsewhere firmly gaining broad acceptance, the blending of these cultures is inevitable.

I have witnessed a real core change in the attitudes of Russian boards concerning cybersecurity and the increasing responsibility many directors are taking in addressing this area. Despite the reputation Russia has of being “hacker heaven” and able to leap tall buildings in a single bound, or alter foreign national elections. The fact is that cyber risks affect Russian businesses every bit as much as business in every corner of the world. These are equal opportunity risks knowing no national borders, or geopolitical dissonances as these threats are globally equal.

The development of means and measures to confront cyber risks in many businesses throughout Russia have been mixed at best, just like the rest of the world. Some are now at the cutting edge of cybersecurity, and some are still avoiding the issue aside from tasking IT departments to “handle it”.

For any company anywhere in the world cyber-risks are the same, and the threats do not come from some shadowy “evil empire”, but across the entire digital realm of the planet in equal measure. The juicier and more developed the target, the more hungry and aggressive are the risks, be it in Silicon Valley, Vladivostok, Dubai, Beijing or Durban. Like in any other risk sphere, the lower the fruit, the easier the target of opportunity.

Some of the better-prepared boards here have taken some proactive steps, which may be of interest to overview and I have attempted to collect them into a narrative. These observations are nothing more than applied common sense, not rocket science. Many of these positions have become part of the operational fabric of several companies, both public and private in Russia, and globally as well. What makes them valuable is that they are now being woven into the mindsets and views of more and more personnel, their management and boards of directors.

Several boards have prioritized into their operational mandates the task of identifying those key assets that may be open to cyber-attack, which cyber risks to avoid, accept, or simply observe, and to develop specific plans associated with each approach.

The corporate culture of many boards has changed to view cybersecurity as a strategic and managerial issue and to hold management accountable for recommending and implementing overall cyber-risk management strategy and polices. This had led to concepts and policies of defensive response, and then intelligently adapting by continually gathering updated intelligence in this fast changing risk environment.

There is a far greater emphasis undertaken by the board and management to understand the company’s exposure to third-party linkages and vendors. This in many cases has been shown to be a poorly secured backdoor.

Most importantly, quite a few are actively budgeting to augment the development of a corporate and HR culture that places a high value on cybersecurity, and educating all employees in this risk reality.

The one thing shareholders remember when it comes to a cyber crisis and the subsequent board/management judgement calls is the outcome achieved. A positive outcome is usually the result of a well- considered, disciplined process that demonstrates responsible planning and a commitment to creating and implementing corrective results. Therefore, CYA does play an incentive role in this area.

Board meetings have become a vital time for corporate directors to reassess how they exercise their governance responsibilities with regard to the management of cybersecurity risk. In today’s global cyber minefield, it is essential that boards of directors not just monitor performance, but reward through incentives excellence achieved in this area.

Boards must lead by defining to management their vision and behavior for cybersecurity and then clearly demonstrate the priority the organization places upon strict adherence. After all, a risk culture gathers all aspects of risk-taking and risk management together through shared corporate values, beliefs, and attitudes.

Cybersecurity is no exception; establishing a strong cybersecurity culture is an essential component of any program, given that the vast majority of cyber risk can be initially traced to people and related behaviors, not technology. There are no offensive strategies in cybersecurity, only defensive ones.

The reality is that most employees are not interested in their personal digital security, much less that of their company. In consequence, changing a company’s culture to strengthen security is especially difficult and requires a top to bottom commitment “with teeth” to keep pace with evolving threats. Historically, anything to do with IT security was kept separate from users by IT teams. Little wonder that users show no or little interest in the company’s digital security.

The simple fact of the cyber risk issue is that the employees/users should be the first line of defense. They are the ones who create and handle the information, and they are in the best position to understand its value. Boards of directors worldwide, not only in Russia are more frequently demanding that management develop interactive training and accountability programs that work with users. In some cases, modern game based training is used and can then monitor how staff apply this training to help transform a company’s culture into one where cybersecurity is in everybody’s interests to enhance.

Without a strong risk culture, even the best cybersecurity management framework would be vulnerable to weaknesses and failures. Given the continuously changing and quickly evolving cyber environment, engendering a strong cyber risk culture provides employees with principles and values to guide activities while policies are still in the process of being drafted or updated. It also strongly narrows the divide between analog and digital thinking, which yields benefits to users on a personal level as well.

No longer is it a question of whether a company will be attacked but more a question of when this will happen, and how a company is going to prevent it or at least control damage. Smart network surveillance, early warning indicators, multiple layers of defense, and lessons from past events are all critical components of cyber resilience. When things go wrong, whether in a major or minor way, the ability to quickly identify and respond to a problem will determine the company’s ultimate recovery and ability to continue conducting business.

Continue Reading
Advertisement
Comments

Latest

Putin, Trump meet in Helsinki for first bilateral summit

The Helsinki summit is the first ever full-fledged meeting between Vladimir Putin and Donald Trump. Their previous encounters were brief talks on the sidelines of the G20 and APEC summits in 2017.

Vladimir Rodzianko

Published

on

Russian President Vladimir Putin and US President Donald Trump are meeting in the Finnish capital of Helsinki for their first bilateral one-on-one meeting.

Trump arrived in the Finland capital a day early, while the jet of Putin, who wrapped up his nation’s hosting of the World Cup Sunday, touched down around 1 p.m. local time and the Russian president’s motorcade whisked him straight to the palace where the two world leaders are meeting.

Trump signed an August 2017 law imposing additional sanctions on Russia. The law bars Trump from easing many sanctions without Congress’ approval, but he can offer some relief without a nod from Congress.

Almost 700 Russian people and companies are under U.S. sanctions. Individuals face limits on their travel and freezes on at least some of their assets, while some top Russian state banks and companies, including oil and gas giants, are effectively barred from getting financing through U.S. banks and markets.

The agenda of the summit hasn’t been officially announced yet, though, the presidents are expected to discuss global crises, such as the Syrian conflict and Ukraine, as well as bilateral relations.

Stay tuned for updates…

Continue Reading

Latest

“Foreign entity, NOT RUSSIA” hacked Hillary Clinton’s emails (Video)

Rep. Louie Gohmert (R-Tx): Hillary Clinton’s cache of 30,000 emails was hacked by foreign actor, and it was not Russia.

Alex Christoforou

Published

on

A stunning revelation that hardly anyone in the mainstream media is covering.

Fox News gave Louie Gohmert (R-Tx) the opportunity to explain what was going on during his questioning of Peter Strzok, when the the Texas Congressman stated that a “foreign entity, NOT RUSSIA” hacked Hillary Clinton’s emails.

Aside from this segment on Fox News, this story is not getting any coverage, and we know why. It destroys the entire ‘Russia hacked Hillary’ narrative.

Gohmert states that this evidence is irrefutable and shows that a foreign actor, not connected to Russia in any way, intercepted and distributed Hillary Clinton’s cache of 30,000 emails.

Remember to Please Subscribe to The Duran’s YouTube Channel.

Via Zerohedge

As we sift through the ashes of Thursday’s dumpster-fire Congressional hearing with still employed FBI agent Peter Strzok, Luke Rosiak of the Daily Caller plucked out a key exchange between Rep. Louie Gohmert (R-Tx) and Strzok which revealed a yet-unknown bombshell about the Clinton email case.

Nearly all of Hillary Clinton’s emails on her homebrew server went to a foreign entity that isn’t Russia. When this was discovered by the Intelligence Community Inspector General (ICIG), IG Chuck McCullough sent his investigator Frank Ruckner and an attorney to notify Strzok along with three other people about the “anomaly.”

Four separate attempts were also made to notify DOJ Inspector General Michael Horowitz to brief him on the massive security breach, however Horowitz “never returned the call.” Recall that Horowitz concluded last month that despite Strzok’s extreme bias towards Hillary Clinton and against Donald Trump – none of it translated to Strzok’s work at the FBI.

In other words; Strzok, while investigating Clinton’s email server, completely ignored the fact that most of Clinton’s emails were sent to a foreign entity – while IG Horowitz simply didn’t want to know about it.

Daily Caller reports…

The Intelligence Community Inspector General (ICIG) found an “anomaly on Hillary Clinton’s emails going through their private server, and when they had done the forensic analysis, they found that her emails, every single one except four, over 30,000, were going to an address that was not on the distribution list,” Republican Rep. Louie Gohmert of Texas said during a hearing with FBI official Peter Strzok.

Gohmert continued..

“It was going to an unauthorized source that was a foreign entity unrelated to Russia.”

Strzok admitted to meeting with Ruckner but said he couldn’t remember the “specific” content of their discussion.

“The forensic examination was done by the ICIG and they can document that,” Gohmert said, “but you were given that information and you did nothing with it.”

According to Zerohedge “Mr. Horowitz got a call four times from someone wanting to brief him about this, and he never returned the call,” Gohmert said – and Horowitz wouldn’t return the call.

And while Peter Strzok couldn’t remember the specifics of his meeting with the IG about the giant “foreign entity” bombshell, he texted this to his mistress Lisa Page when the IG discovered the “(C)” classification on several of Clinton’s emails – something the FBI overlooked:

“Holy cow … if the FBI missed this, what else was missed? … Remind me to tell you to flag for Andy [redacted] emails we (actually ICIG) found that have portion marks (C) on a couple of paras. DoJ was Very Concerned about this.”

Via Zerohedge

In November of 2017, IG McCullough – an Obama appointee – revealed to Fox News that he received pushback when he tried to tell former DNI James Clapper about the foreign entity which had Clinton’s emails and other anomalies.

Instead of being embraced for trying to expose an illegal act, seven senators including Dianne Feinstein (D-Ca) wrote a letter accusing him of politicizing the issue.

“It’s absolutely irrelevant whether something is marked classified, it is the character of the information,” he said. Fox News reports…

McCullough said that from that point forward, he received only criticism and an “adversarial posture” from Congress when he tried to rectify the situation.

“I expected to be embraced and protected,” he said, adding that a Hill staffer “chided” him for failing to consider the “political consequences” of the information he was blowing the whistle on.

Continue Reading

Latest

Donald Trump plays good cop and bad cop with a weak Theresa May (Video)

The Duran – News in Review – Episode 55.

Alex Christoforou

Published

on

US President Donald Trump’s state visit to the UK was momentous, not for its substance, but rather for its sheer entertainment value.

Trump started his trip to the United Kingdom blasting Theresa May for her inability to negotiate a proper Brexit deal with the EU.  Trump ended his visit holding hands with the UK Prime Minister during a press conference where the most ‘special relationship’ between the two allies was once again reaffirmed.

Protests saw giant Trump “baby balloons” fly over London’s city center, as Trump played was his own good cop and bad cop to the UK PM, outside London at the Chequers…often times leaving May’s head spinning.

Even as Trump has left London, he remains front and center in the mind of Theresa May, who has now stated that Trump advised her to “sue” the European Union to resolve the tense negotiations over Brexit.

Trump had mentioned to reporters on Friday at a joint press conference with Theresa May that he had given the British leader a suggestion that she found too “brutal.”

Asked Sunday on the BBC’s Andrew Marr Show what that suggestion was, May: “He told me I should sue the EU. Not go into negotiation, sue them.” May added…

“What the president also said at that press conference was `Don’t walk away. Don’t walk away from the negotiations. Then you’re stuck.”‘

The Duran’s Alex Christoforou and Editor-in-Chief Alexander Mercouris summarize what was a state visit like no other, as Trump trolled the UK PM from beginning to end, and left London knowing that he got the better of a weakened British Prime Minister, who may not survive in office past next week.

Remember to Please Subscribe to The Duran’s YouTube Channel.

Via CNBC

It wasn’t exactly clear what Trump meant. The revelation came after explosive and undiplomatic remarks Trump made this week about May’s leadership — especially her handling of the Brexit negotiations — as he made his first official visit to Britain.

In an interview with The Sun newspaper published Thursday — just as May was hosting Trump at a lavish black-tie dinner — Trump said the British leader’s approach likely “killed” chances of a free-trade deal with the United States. He said he had told May how to conduct Brexit negotiations, “but she didn’t listen to me.”

He also praised May’s rival, Boris Johnson, who quit last week as foreign secretary to protest May’s Brexit plans. Trump claimed Johnson would make a “great prime minister.”

The comments shocked many in Britain — even May’s opponents — and threatened to undermine May’s already fragile hold on power. Her Conservative government is deeply split between supporters of a clean break with the EU and those who want to keep close ties with the bloc, Britain’s biggest trading partner.

Continue Reading

JOIN OUR YOUTUBE CHANNEL

Advertisement

Your donations make all the difference. Together we can expose fake news lies and deliver truth.

Amount to donate in USD$:

5 100

Waiting for PayPal...
Validating payment information...
Waiting for PayPal...
Advertisement
Advertisements
Advertisement
Advertisements

Quick Donate

The Duran
EURO
DONATE
Donate a quick 10 spot!

The Duran Newsletter

Trending