BreachExchange mailing list archives
Breaches Highlight Cybersecurity Issues at PE-Backed Companies
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 12 Mar 2014 19:21:28 -0600
http://blogs.wsj.com/privateequity/2014/03/10/breaches-highlight-cybersecurity-issues-at-pe-backed-cos/ The data breaches at retailers including Target Corp.TGT -0.36%, Neiman Marcus Group and Michaels Stores Inc. shine a spotlight on the potential risks facing businesses both publicly and privately held. Private equity firms may regard those threats as even more urgent knowing that point-of-sale malware used in the cyberattacks was "relatively unsophisticated" and had likely been purchased "off the shelf from the cybercrime-as-a-service community," according to cybersecurity intelligence firm McAfee Labs. "We believe these breaches will have long-lasting repercussions," McAfee said in a statement introducing its fourth quarter threat report. "We expect to see changes to security approaches and compliance mandates and, of course, lawsuits." At private equity firms and their portfolio companies, changes are starting to happen--but according to some consultants, the changes may not be fast enough. "Dozens of large private equity firms are currently compromised, and they don't even know about it," John Watters, chief executive of cybersecurity intelligence outfit iSight Partners Inc., said in an interview last month. iSight counts Blackstone Group asBX -2.10% a customer and investor; the New York firm made an undisclosed investment in iSight in July. According to Mr. Watters, what prevents private equity-backed companies from adopting more sweeping changes is the typical hands-off approach that the firms adopt towards the management of such companies. The approach means that the sponsors are walking a fine line between maintaining the autonomy of their portfolio companies and containing cybersecurity risk more aggressively. Both the sponsor and companies it owns can benefit from what Mr. Watters calls "community defense," or sharing of information among them. For more on the actions firms are taking to address cybersecurity, read the March issue of Private Equity Analyst.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Breaches Highlight Cybersecurity Issues at PE-Backed Companies Audrey McNeil (Mar 17)