Timely disclosure to keep investors informed
These proposed amendments are designed to provide investors with timely notifications of security breaches affecting listed companies and better inform them regarding their cybersecurity risk management and strategy.
If the rules are revised as the SEC wants, the new regulations [PDF] would require disclosing the following information about breaches (if the information is available when the 8-K forms are filed):
- When the incident was discovered and whether it is ongoing;
- A brief description of the nature and scope of the incident;
- Whether any data was stolen, altered, accessed, or used for any other unauthorized purpose;
- The effect of the incident on the registrant's operations;
- Whether the registrant has remediated or is currently remediating the incident.
However, companies affected by a breach are not expected to reveal technical information regarding their planned incident response or details on potential vulnerabilities to impact their response or remediation of the incident.
"Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs. A lot of issuers already provide cybersecurity disclosure to investors," SEC Chair Gary Gensler added.
"I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.
"I am pleased to support this proposal because, if adopted, it would strengthen investors' ability to evaluate public companies' cybersecurity practices and incident reporting."
SEC wants public companies to report breaches within four days
The US Securities and Exchange Commission (SEC) has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're determined as being a material incident (one that shareholders would likely consider important).
"In some cases, the date of the registrant’s materiality determination may coincide with the date of discovery of an incident, but in other cases the materiality determination will come after the discovery date," the Wall Street watchdog explained.
According to newly proposed amendments to current rules, listed companies would have to provide information in periodic report filings on policies, implemented procedures, and the measures taken to identify and manage cybersecurity risks on Form 8-K.
The amended rules would also instruct companies to provide updates regarding previously reported security breaches.
The SEC wants public companies to share regular disclosures regarding their management's role in implementing cybersecurity procedures and policies, as well as on their board of directors' cybersecurity expertise and oversight of cybersecurity risk.
"We believe that the proposed requirement to file an Item 1.05 Form 8-K within four business days after the registrant determines that it has experienced a material cybersecurity incident would significantly improve the timeliness of cybersecurity incident disclosures, as well as provide investors with more standardized and comparable disclosures," the regulator said [PDF].
PLEASE NOTE THIS
Malware disguised as security tool targets Ukraine's IT Army
- March 10, 2022
- 03:26 PM
A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.
Last month, the Ukrainian government announced a new IT Army composed of volunteers worldwide who conduct cyberattacks and DDoS attacks against Russian entities.
This initiative has led to a outpouring of support by many people worldwide who have been helping target Russian organizations and sites, even if that activity is considered illegal.
Mimicking a real DDoS tool
As is common with malware distributors, threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing trojan.
In a new report by Cisco Talos, researchers warn that threat actors are mimicing a DDoS tool called the “Liberator”, which is a website bomber for use against Russian propaganda outlets.
While the versions downloaded from the real site are “clean”, and likely illegal to use, those circulated in Telegram hide malware payloads, and there’s no way to tell the difference before executing them as neither is digitally signed.
-
VPN provider bans BitTorrent after getting sued by film studios
"No logs" VPN provider TorGuard has reached a legal settlement with over two dozen movie studios that sued the company for encouraging piracy and copyright infringement. In the settlement, TorGuard has agreed to block BitTorrent traffic for its users.
- March 12, 2022
- 11:01 AM
- 1
-
Android malware Escobar steals your Google Authenticator MFA codes
The Aberebot banking trojan appears to have returned, as its author is actively promoting a new version of the tool on dark web markets and forums.
- March 12, 2022
- 10:12 AM
- 0
-
Ubisoft confirms 'cyber security incident', resets staff passwords
Video game developer Ubisoft has confirmed that it suffered a 'cyber security incident' that caused disruption to some of its services. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, also appears to be behind Ubisoft incident.
- March 12, 2022
- 01:16 AM
- 0
-
Windows 11 gets a new tabbed interface for File Explorer
Microsoft is testing a hidden feature that enables a new tabbed interface for Windows 11's File Explorer, which has been highly requested for years.
- March 11, 2022
- 04:42 PM
- 0
Russia bans Instagram, a week after blocking Facebook, Twitter
Russian Internet watchdog Roskomnadzor announced that Instagram will also be banned in Russia one week after blocking the Facebook and Twitter social networks.
- March 11, 2022
- 01:53 PM
- 0
DuckDuckGo down-ranks sites spreading Russian propaganda
The DuckDuckGo web search engine is now demoting websites known to spread Russian propaganda following Russia's invasion of Ukraine, according to the company's founder and CEO Gabriel Weinberg.
- March 11, 2022
- 12:09 PM
- 5
Finnish govt agency warns of unusual aircraft GPS interference
Finland's Transport and Communications Agency, Traficom, has issued a public announcement informing of an unusual spike in GPS interference near the country's eastern border.
- March 11, 2022
- 10:55 AM
- 0
New ONE PIECE anime episodes delayed after Toei cyberattack
Anime giant Toei suffered a weekend cyberattack causing delays in airing new episodes of popular anime series, including ONE PIECE and Delicious Party Precure.
- March 11, 2022
- 10:09 AM
- 0
Russian defense firm Rostec shuts down website after DDoS attack
Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "cyberattack."
- March 11, 2022
- 09:50 AM
- 1
No comments:
Post a Comment