- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Aly McDevitt2022-02-03T13:00:00
DISCLAIMER: This case study depicts a fictional cyber incident based on real-life scenarios described by expert interviewees, media reports, and other publicly available resources. While the details surrounding the characters, company, and ransomware attack are imagined, the business concerns and legal issues raised are plausible and based on actual cases.
Betsy was devastated. She had single-handedly invited a criminal into her company’s inner sanctum. She might as well have opened the door of the office building to a thief and offered him (or her—it took all sorts, she reminded herself) a cup of coffee. She felt like she’d just betrayed a family member.
On that dreadful morning, she called her boss to tell him what happened—the email marked “urgent,” the typo in the email sender name, the link, the phony website, the skull and crossbones, the whole bit. She was sure he was going to fire her on the spot.
When she finally stopped speaking, she heard heavy silence on the line. She thought maybe he’d hung up on her.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
Take this self-directed, interactive immersive study of a fictional cyber event based on real-life scenarios to deepen your understanding of the importance of crisis management planning and put you in the shoes of a compliance leader during a ransomware attack.
USAA Federal Savings Bank has been hit with its third cease and desist order from the Treasury Department’s Office of the Comptroller of the Currency in the past five years for failing to correct unsafe and unsound banking practices.
Any product that uses AI needs to be safety assessed for its entire lifespan under new rules that went into effect recently across the EU. Experts warned companies using AI to tailor products could be classed as “manufacturers” and face the same duty of care as developed.
Both JPMorgan Chase and Deutsche Bank retained their respective Jeffrey Epstein relationships for too long. Yet, there is a case to be made for why exiting a high-risk relationship too soon can become an inverse form of recklessness.
Why did JPMorgan Chase retain Jeffrey Epstein for more than a dozen years? How did the relationship persist despite glaring red flags? The “why” is straightforward; the “how” is more complicated.
Jeffrey Epstein’s designation as a high-risk client should have subjected him to enhanced due diligence that never appeared to occur, most notably at Deutsche Bank. Instead, Epstein was allowed to continue his misconduct despite numerous red flags.
