Photo of Paul M. Rosen

This week it was reported that Indian police arrested four people accused of leaking a pre-release episode of the blockbuster HBO show, “Game of Thrones.”  The leak is supposedly the result of employees from a Mumbai-based company that stores and processes the series for the Indian streaming website Hotstar.

These arrests—which appear unrelated to the recent and well-publicized corporate hack of HBO—underscore the challenges that businesses operating around the world face in safeguarding their intellectual property in the supply chain.  Many corporations rely on third party vendors to deliver their business services and products—in this instance television content—around the world.  Yet, the security capabilities of these vendors varies widely, which is why companies can and should take key steps to protect their sensitive information as they share it with these third parties.

The two primary threats that third party vendors pose to companies are: (1) ensuring strong cybersecurity protections to mitigate the chance of a damaging hack; and (2) minimizing the chance of theft of sensitive business information by insiders with access.  To address these concerns, companies should consider the following.Continue Reading Risks Posed by Third Party Vendors Increasingly a Challenge for Businesses

On January 9, the Securities & Exchange Commission (“SEC”) released its National Examination Priorities (“NEP”) for 2014 and once again identified cybersecurity as a heightened risk that the agency intends to scrutinize as part of its mission to protect investors.  The NEP identifies technology — specifically, companies’ governance and supervision of IT systems, information security, and response readiness — as one of its most significant initiatives for 2014.  The NEP’s Broker-Dealer Exam Program also identifies market access controls related to “information leakage and cyber security” as a core risk on which the agency will focus in the coming year.

We wrote in a previous post about the SEC’s intensifying focus on corporations’ cybersecurity efforts – and on their cybersecurity weaknesses and risks.  Cybersecurity has continued to be a focal point for the SEC, especially in the face of mounting Congressional pressure on the agency to demand more transparency from companies about their cybersecurity risks and steps taken to address those risks, and recent reports of cyberattacks against U.S. companies and the massive costs to those companies that result.  SEC Chair Mary Jo White noted in a speech to the National Association of Corporate Directors in October that cybersecurity was a “hot topic from many perspectives.”  This year’s NEP is the latest sign that corporate cyber risks and incidents will remain in the agency spotlight in 2014.
Continue Reading SEC to Focus on Corporate Cybersecurity Risks in 2014