Categories
Greetings and Felicitations

Aly McDevitt on Ransomware Case Study, Part 2

Welcome to the Greetings and Felicitations, a podcast where I explore topics which might not seem to be directly related to compliance but clearly influence our profession. In this episode, we conclude a two-part series with Aly McDevitt, Data & Research Journalist at Compliance Week. We take a deep dive into her recent series case study on a ransomware attack on a fictional company. Highlights include:

·      Who are hackers? What is a cyber incident response playbook and how does each person handle their roles in the event of a ransomware attack?
·      How and when should stakeholders be notified? Who and what type of notification should be made?
·      What goes into the decision to pay? What are the pros and cons of each path?
·      What are some key lessons for companies from the story?
·      A hint of what Aly may have in store for future articles and series.
Resources
Ransomware case study in Compliance Week
Aly McDevitt

Categories
Everything Compliance

Episode 96, the Spring Arrives Edition


Welcome to the only roundtable podcast in compliance. The entire gang was also recently honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Tom Fox and Matt Kelly. We conclude with our fan favorite Shout Outs and Rants.

1. Jay Rosen discusses the connection between corruption and the Russian invasion of Ukraine and the leadership differences between Presidents Putin and Zelensky. Rosen rants about Mavericks owner Mark Cuban over the allegations of former GM Donnie Nelson that Nelson was fired for reporting a sexual assault of a Maverick employee.

2. Matt Kelly looks at cybersecurity and the state of proposed new rules from the SEC governing the conduct of public companies which sustain a cyber breach. Kelly rants about West Virginia Senator Joe Manchin, who opposes electric cars because customers would have to wait too long at charging stations for batteries to be replaced (electric car batteries are recharged, not replaced).

3. Jonathan Armstrong looks at the increase in cyber-attacks and ransomware demands and a GDPR enforcement action involving Tucker’s. Armstrong shouts out to TV show editor Marina Ovsyannikova who, on live TV in Moscow, stood up to President Putin by holding a sign which said, in Russian: “Don’t believe the propaganda. They’re lying to you here.” In English it said: “No war … Russians against war.”

4. Tom Fox discusses the recent District Court decision in the Coburn case and what it means for all involved: the DOJ, companies under FCPA investigation and counsel who perform internal investigations. Fox rants about Texas AG Ken Paxton, who once again disobeyed a District Court injunction forbidding the state of Texas from investigating the parents of transgender teens for child abuse.

The members of Everything Compliance are:
•       Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
•       Jonathan Armstrong – Our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
•       Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Greetings and Felicitations

Aly McDevitt on Ransomware Case Study, Part 1

Welcome to the Greetings and Felicitations, a podcast where I explore topics which might not seem to be directly related to compliance but clearly influence our profession. In this episode, we begin a two-part series with Aly McDevitt, Data & Research Journalist at Compliance Week. We take a deep dive into her series case study on a ransomware attack on a fictional company. Highlights include:

·      Why this subject matter for a deep dive?
·      The research that went into the piece. How many people interviewed and how long was the research process?
·      Writing style. Lock yourself in a room and not come out until it's done, or a more collaborative process with an editor?
·      Story synopsis: how common is Betty’s mistake?
·      What is the role of the CIRT and MSSP? How critical was VE’s preparation to its ability to respond?
Resources
Ransomware case study in Compliance Week
Aly McDevitt

Categories
Everything Compliance

Episode 92 – the Issues in 2022 Edition


Welcome to the only roundtable podcast in compliance. The entire gang was also thrilled to be honored by W3 as a top talk show in podcasting. In this episode, we have the sextet of Karen Woody, Jonathan Armstrong, Matt Kelly and Jay Rosen. We discuss some of the key issues we will be watching in 2022.

1. Karen Woody will be watching the legal evolution around SPACs and expansion of insider trading laws. Karen shouts out to workers in the travel industry for getting travelers home during the holidays.

2. Jay Rosen considers the Holmes verdict, Tyler Shultz/whistleblowers and the celebrity BOD failure at Theranos. Rosen shouts out to Antonio Brown.

3. Matt Kelly considers the Log4j cybersecurity threat and the SEC move to regulate ESG. Kelly rants about Elon Musk selling his Tesla stock immediately before the company announces a massive product recall.

4. Jonathan Armstrong tackles several topics: ransomware, Safe Harbor, EU Whistleblower Directive, Supply Chain & China. Armstrong shouts out Nicholas Burk and synthetic ransomware attacks.

5. Jonathan Marks looks at the intersection of crypto, currency and crime. Marks rants about the inconsistent information emanating from the CDC.

6. Tom Fox rants about Novak Djokovic.  


Categories
Compliance Into the Weeds

Ransomware Attacks and Internal Controls


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom take a deep dive into the difference between a privacy breach and a ransomware attack.
Some of the issues we consider are:

  • Why are privacy breaches different from ransomware attacks?
  • What is an authenticated v. unauthenticated cyber-attack?
  • Why would the SEC get involved?
  • What are the internal controls needed to prevent and detect a ransomware attack? How will they be audited?
  • How can a material weakness in internal controls around ransomware lead to a financial restatement?
  • What will the SEC look at from an enforcement angle?

Resources
Matt in Radical Compliance

Categories
Compliance Kitchen

Treasury’s actions against cybercrime and ransomware


In this episode, The Kitchen takes a look at the Treasury’s actions against cybercrime and ransomware.

Categories
Daily Compliance News

September 18, 2021 the Sorry Rudy edition


In today’s edition of Daily Compliance News:

  • Court denies Giuliani request to withhold documents. (WSJ)
  • Companies grapple with the Covid vaccine mandate. (WSJ)
  • IMF chief denies undue influence. (NYT)
  • Treasury to tackle ransomware. (WaPo)
Categories
Fraud Eats Strategy

The Anatomy of a Ransomware Attack – Part 1

Ransomware is a type of malware used by criminal organizations to gain unlawful access to computer networks, encrypt the data stored on those networks and render it unusable. The criminal organization then holds the data hostage until a ransom payment is made. If the ransom is not paid, the victim organization’s data will either remain encrypted and unusable or it could be released to the public. The attack on Colonial Pipeline showcased not only how ineffective cyber security can be; it also illustrated the potential scale of disruption that can be caused when ransomware attacks target critical infrastructure.

Join us each week as we take a deep dive into the various forms of fraud across the world and discuss crime families, penny stock boiler rooms, international money launderers, narco-traffickers, oligarchs, dictators, warlords, kleptocrats and more.

Scott Moritz is a leading authority on white-collar crime, anti-corruption, and the evaluation, design, remediation, implementation, and administration of corporate compliance programs and codes of conduct. He is also considered an authority in the establishment, training, and oversight of the investigative protocols carried out by financial intelligence, corporate security, and internal audit units.