After a Cyberattack, Assigning Blame Can Get Personal

June 7, 2024 | 1 minute reading time | By Jim Romeo

The prosecution of a chief information security officer leaves other CISOs and their IT, compliance and risk management peers to wonder who might be next.

In the aftermath of a cyberattack, analysts seek to identify its cause or source in a task known as attribution. With assistance from government agencies and other threat intelligence, many of today’s most damaging breaches are traced to “state actors” such as those with ties to North Korea or Russia.

It is attribution of a different sort – assignment of legal liability to corporate executives – that is worrying chief information security officers (CISOs), and perhaps by extension, others responsible for risk, compliance and control functions.

“They’re Coming After Us,” read an Information Week headline about a panel discussion at the recent RSA cybersecurity convention on “the modern perils of the CISO position and . . . an escalating threat landscape that threatens to blow back on senior security executives.”

The issue was triggered by a case involving one of the participating panelists, Joseph Sullivan. Investigated for his handling of cyberattacks while serving as chief security officer of Uber Technologies, Sullivan was convicted in September 2022 on federal charges stemming from an attempted cover-up of a 2016 incident....

Topics: Cybersecurity
