Cyberattacks keep affecting a record number of companies internationally. Yet the 27 largest American companies that have reported cyberattacks also report that they have suffered no severe financial damages. The government disagrees. The U.S. Government reports the losses to be in the billions.
Experts also believe that North Korea is mounting attacks against the South, and that the Chinese government has been extraordinarily active in hacking and corporate espionage directed against the United States. The North Koreans are already blamed for attacks on the South in March. And now there is word today from the North that they are under attack.
Large companies like Coca-Cola and Honeywell International were among the largest U.S. companies to report cyberattacks in SEC filings. All said that there was “no material impact.” Citigroup reported “limited losses.”
This seems to contradict the press reports out there. The press has been forthcoming in reporting its own exposure to cyberattacks, particularly the recent spate of cyberattacks by China. The New York Times also reported that a six month long series of attacks on financial institutions including American Express, JPMorgan Chase, Wells Fargo, Bank of America and others has taken them off line and resulted in millions of dollars worth of damages.
Coca-Cola (Photo credit: Moyan_Brenn)
One Islamic group has claimed responsibility for certain attacks. The group said the attacks were in retaliation for an anti-Islamic video that appeared on YouTube last year. U.S. officials say that the group is in reality a cover for Iran.
The government wants to know what the risks are and how to prevent attacks. At the same time, corporations don’t want to disclose their weaknesses or also provide roadmaps to future attacks. The most recent SEC guidance is that companies must disclose cyberattacks or associated risks if that information is deemed “material.” One analyst drew a comparison with the risk of weather events. They are disruptive to users but not material to operations.
From corporate disclosures which are quite vague, one gets the sense that they are trying to disclose the minimum that will keep them out of hot water with the SEC but immune to the prying eyes of the press and investors.
Until there is a more complete disclosure or a cyberattack that causes a major disruption, most of us will remain in the dark. Given the government’s widespread concern and the experience with dealing with attacks on its own systems, companies may be putting the best possible spin on a dangerous state of affairs. Unfortunately, there seems to be very little that the SEC can do in the way of follow up other than ask how companies arrived at their conclusions.
The seeming inevitability of these attacks makes many companies wonder whether all of their internal data privacy and security policies are worth the expense. The clear answer is “yes.” Even diamond merchants can’t keep out some professional thieves. But they can keep out 99% of them.
www.forbes.com
No hay comentarios.:
Publicar un comentario