In The Press
Cybersecurity Challenges For The Boardroom: What Publicly Traded Companies Should Consider
Steven Grimberg and Mark Ray are Managing Directors at Nardello & Co., a leading global investigations firm that, among other things, specializes in cybersecurity consulting, internal investigations and incident response. Grimberg is a former federal prosecutor with the U.S. Department of Justice who led a cybercrime unit and investigated complex and high-profile criminal and national security-related cyber incidents. Ray is a former special agent with the Federal Bureau of Investigation who led global investigations involving transnational cyber-criminal organizations.
Christopher P. Skroupa: What should publicly-traded companies worry about most when it comes to cybersecurity?
Mark Ray: Computer hackers have an insatiable appetite for private data of all stripes, but publicly traded companies in particular have a target on their backs. The reason is that no matter the intended result of the bad guys, companies that are bought and sold on the open market can most easily achieve their ends. For example, computer hackers that are motivated by publicity or social causes, better known as “Hacktivists,” believe – and justifiably so – that the breach of a publicly-traded company will make for a better headline and yield widespread coverage from media outlets.
Hackers that are sponsored directly or indirectly by a nation-state can steal massive amounts of valuable intelligence, such as personal identifying information and personal health information, from a publicly traded company; or they can steal confidential intellectual property and trade secrets for the benefit of foreign state-sponsored competitors.
Steven Grimberg: And the most common type of computer hackers, those motivated by financial gain, see enormous opportunities in this space because of the ability to learn non-public information and then either trade on that information themselves, or sell the insider information on exclusive online criminal forums. In fact, there have been known instances of hackers compromising public entities not to steal and monetize their data, but to leak news of the compromise to the world while they cash in on their short-selling scheme.
Skroupa: Are there points of vulnerability in cybersecurity that are unique to publicly-traded companies?
Start date: March 12, 2018