Breaches Highlight Cybersecurity Issues at PE-Backed Companies

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://blogs.wsj.com/privateequity/2014/03/10/breaches-highlight-cybersecurity-issues-at-pe-backed-cos/

The data breaches at retailers including Target Corp.TGT -0.36%, Neiman
Marcus Group and Michaels Stores Inc. shine a spotlight on the potential
risks facing businesses both publicly and privately held.

Private equity firms may regard those threats as even more urgent knowing
that point-of-sale malware used in the cyberattacks was "relatively
unsophisticated" and had likely been purchased "off the shelf from the
cybercrime-as-a-service community," according to cybersecurity intelligence
firm McAfee Labs.

"We believe these breaches will have long-lasting repercussions," McAfee
said in a statement introducing its fourth quarter threat report. "We
expect to see changes to security approaches and compliance mandates and,
of course, lawsuits."

At private equity firms and their portfolio companies, changes are starting
to happen--but according to some consultants, the changes may not be fast
enough.

"Dozens of large private equity firms are currently compromised, and they
don't even know about it," John Watters, chief executive of cybersecurity
intelligence outfit iSight Partners Inc., said in an interview last month.

iSight counts Blackstone Group asBX -2.10% a customer and investor; the New
York firm made an undisclosed investment in iSight in July.

According to Mr. Watters, what prevents private equity-backed companies
from adopting more sweeping changes is the typical hands-off approach that
the firms adopt towards the management of such companies. The approach
means that the sponsors are walking a fine line between maintaining the
autonomy of their portfolio companies and containing cybersecurity risk
more aggressively.

Both the sponsor and companies it owns can benefit from what Mr. Watters
calls "community defense," or sharing of information among them.

For more on the actions firms are taking to address cybersecurity, read the
March issue of Private Equity Analyst.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!