Next week I’ll be flying out to Dallas, Texas to attend the AT&T Business Summit. I’ve never been to Dallas before, so hope to check out the sites and maybe even find out who did shoot JR (if you’re born after 1983 that reference probably means nothing to you).
Do Breaches Affect Stock Market Share Prices?
A common question that comes up is whether a breach actually impacts a company’s share price or not. There are varying degrees of opinions and anecdotes, but what we really need is data.
Comparitech has published a very detailed breakdown, complete with methodology and data used. Some of the key findings include:
- In the long term, breached companies underperformed the market. After 1 year, Share price grew 8.53% on average but underperformed the NASDAQ by -3.7%. After 2 years, the average share price rose 17.78%, but underperformed the NASDAQ by -11.35%. And after three years, the average share price is up by 28.71% but down against the NASDAQ by -15.58%. It’s important to note the impact of data breaches likely diminishes over time.
- Share prices of breached companies hit a low point approximately 14 market days following a breach. Share prices fall 2.89% on average, and underperform the NASDAQ by -4.6%
- After about a month, share prices rebound and catch up to NASDAQ performance on average
- After the first month, the companies we analyzed actually performed better than they did prior to the breach. In the six months leading up to a breach, average share price grew 3.64%, compared to 7.02% following a breach. Similarly, the companies underperformed the NASDAQ by -1.53% leading up to the breach but managed to outperform it by 0.09% afterward.
- Finance and payment companies saw the largest drop in share price performance following a breach, while healthcare companies were least affected
- Breaches that leak highly sensitive information like credit card and social security numbers see larger drops in share price performance on average than companies that leak less sensitive info
- Analysis: How data breaches affect stock market share prices | Comparitech
Europol Internet Organised Crime Threat Assessment 2018
Ransomware continues to be the biggest malware threat to businesses around the world, but mobile threats and cryptojacking are emerging as serious challenges, according to Europol.
The law enforcement organization’s annual Internet Organised Crime Threat Assessment (IOCTA) provides a good snapshot of current industry trends. It reflects the findings of many security vendors: that ransomware is slowing but still the most widespread financially motivate threat out there, ahead of banking Trojans — and will be so for several years.
DDoS attacks were second only to malware in terms of volume in 2017, as infrastructure becomes more “accessible, low-cost and low-risk.”
- Internet organised crime threat assessment 2018 | Europol
- Europol: Ransomware Will be Top Threat for Years | Infosecurity Magazine
- Police must target crime-as-a-service market, says Europol | SC Magazine
Ransomware Blanks Bristol Airport Screens
For two days last week, airport officially were using posters and whiteboards to announce check-in and arrival information for flights going through the airport. Which shows it’s good to have a backup system in place.
- Cyber attack led to Bristol Airport blank screens | BBC
- Ransomware hits UK's Bristol Airport, affects flight information screens | CSO Online
Run Critical Infrastructure Regardless of Malware
As threats and cyber-attacks on critical infrastructure are expected to intensify in the near future, cyber-security experts believe that companies and government agencies should be prepared to operate networks even if there's malware or a threat actor on the network or not.
The idea is that cyber-attacks should not cause downtime of any form, and networks should be designed in a way that an attacker's presence does not affect the network's availability for end users.
Experts who believe in this approach are Major General Robert Wheeler, retired US Air Force, and former Deputy Chief Information Officer for Command, Control, Communications and Computers (C4) and Information Infrastructure Capabilities (DCIO for C4IIC), US Air Force.
The Big Boys of Tech are Out of Their Depth
I came across this interesting article where the author feels sorry for the big boys of tech, Zuckerberg, Dorsey, and others in similar positions.
In many ways, I agree with the main points that these founders may not be able to fix privacy and security issues on these social platforms - but then again, I don’t think there is a suitable replacement. That’s one of the problems when you enter new realities, there are no real maps to follow. Still, an article worth pondering over.
- Mark Zuckerberg is totally out of his depth | Bloomberg