June 2017

A new strain of malware began infecting computer systems across the globe on Tuesday.  Similar to the WannaCry ransomware that struck last month, the malware used in this week’s attack spreads quickly across multiple computers on a network, encrypting files and displaying a ransom note that requests $300 worth of bitcoin for a decryption key.

Reports of infection began in Ukraine, where computer systems belonging to government ministries, financial institutions, transportation systems, and major energy companies began malfunctioning.  The attack was first believed to be caused by a variant of the “Petya” strain of ransomware, however recent reports from security experts indicate that the malware used during this week’s attack was altered so that, even with a decryption key, encrypted files cannot be recovered.  This fact has lead several sources to dub the malware “ExPetr” and speculate that the attacker’s motivations were destructive instead of financial.

How to pitch, explain, defend and collaborate on cybersecurity

The board demands answers on cybersecurity. We discuss how executives can effectively respond to and collaborate with the board.

Boards have now recognized that their companies, and board members themselves, face operational, financial, legal, and reputational consequences if they fail to address cybersecurity risk. Now, boards are asking company executives to explain the company’s current state of readiness and a plan of action – presenting both a challenge and an opportunity.

Join us on July 11 in New York for an engaging discussion on how to meet the challenge of explaining cybersecurity to boards and leverage the conversation to empower company executives with focus and resources to address cybersecurity risks.

Challenging questions. Practical, insightful answers.

Broker-dealers and investment advisers in Colorado will soon be required to comply with new rules designed to protect the electronic information they collect and maintain.  On May 19, 2017, the Colorado Division of Securities adopted final cybersecurity rules under the Colorado Securities Act.  In addition to requiring written procedures that are “reasonably designed to ensure cybersecurity,” the rules also mandate annual risk assessments of firms’ data security practices.  The Colorado Attorney General approved the rules on June 7, 2017, and the effective date of the rules is July 15, 2017.