SEC Push May Yield New Disclosures of Company Cyber Attacks

Bloomberg has an article about the SEC requiring companies to reveal more cybercrime information when their networks and intellectual property/secrets are hacked. Some interesting facts and quotes from the article:

• The cost to businesses of exposing data such as Social Security and credit-card numbers climbed to an average of $7.2 million per incident last year.

• Mandiant Corp., a security firm that specializes in cyber-based industrial espionage, has responded to incidents at 22 Fortune 100 companies. The company estimates that many more than 20 percent of Fortune 500 companies experienced serious breaches recently or are dealing with current ones.

• According to the former Director of NCIX, the networks of more than 2,000 companies, research universities, Internet service providers and government agencies were hit over the past decade by China-based cyber spies.

• “It doesn’t square that billions of dollars in intellectual property is being lost and investors don’t care.” –Jacob Olcott, a former staff expert on cybersecurity for the Senate Commerce Committee

• Beginning in 2009, the networks of at least six major U.S. and European energy companies were breached by China-based hackers. The attacks provided the cyber-thieves with valuable, confidential assessments of the quality and accessibility of oil reserves.

• Attendees at the World Petroleum Conference were warned that hackers, who are launching more carefully planned attacks against the industry, could gain control of computerized release valves that control oil pipelines, resulting in loss of life, uncontainable fires and costly court battles.

• In the past five years, cyberspies have raided pharmaceutical companies, cosmetics makers, chip fabricators and mining companies. They have stolen blueprints, manufacturing technology and the chemical formulas of market-leading products.

• In 2011, China-based hackers infiltrated RSA Security’s computer network and stole critical technology related to SecurID, an authentication token used by banks, defense contractors and government agencies to secure their networks. The attack saw the loss of valuable proprietary technology and damage to the reputation of a company that’s paid for its expertise in protecting its clients from hackers.

Security and Security Awareness are vital!