Half of UK consumers do not trust firms with personal data

Businesses face far more than just fines for non-compliance with the EU’s General Data Protection Regulation, a survey has revealed.

Half of UK consumers polled said they do not trust companies with their personal data, and many are willing to take legal action against those who do not comply with the GDPR, according to a study commissioned by security firm Thales.

Only one in five (20%) of UK consumers claimed to trust financial institutions with their information; 23% said they trusted healthcare providers, but retailers are trusted by just 6%.

Thales eSecurity’s 2017 Data Threat Report revealed that two in five retailers globally have experienced a data breach in the past year, and a third had suffered more than one.

More worryingly, 70% of UK consumers believe their information has been made available for sale online by cyber criminals.

However, with the EU GDPR’s implementation just over six months away, three-quarters of UK consumers (76%) believe increased regulation will improve the privacy of their online data.

The research revealed more than a third (37%) of UK consumers had heard of the GDPR and almost two-thirds (57%) of these could explain it to some degree.

Privacy of consumer information

Aware of the GDPR and what it means for the privacy of their information, consumers appear willing to take a stand against organisations that fail to comply, the study report said, with 58% of UK respondents claiming they would consider legal action.

More than three-quarters (79%) of respondents said they would consider taking their business to another company if the one they were dealing with did not comply with the regulation, while 69% suggested they might report a non-compliant organisation to the relevant industry watchdog.

More than three-quarters of UK consumers (77%) suggested a failure to comply with the GDPR would negatively impact their perception of an organisation.

Intended to improve personal data protection and increase accountability for data breaches, the GDPR presents a significant challenge for organisations that process the personal data of EU citizens, regardless of where the organisation is headquartered.

The survey reveals businesses are concerned the new data privacy regulations will have a negative impact on their operations and international relations, and that there are a number of reasons why organisations may have more to fear from the GDPR than just consumer action and fines.

Some 63% of UK-based organisations believe implementing measures to become GDPR-compliant will increase the level of complexity and bureaucracy in their business.

Almost half (49%) are concerned the GDPR will hinder their organisation’s innovation to some degree, and one in five (21%) expect GDPR to have a negative impact on relationships with their international partners.

While 22% of UK businesses believe the GDPR will lead to fewer data breaches, almost a third (32%) are concerned its implementation will actually result in an increased number of breaches.

GDPR’s effect on business operations

Despite these concerns, more than a third of UK organisations (37%) remain optimistic that the GDPR will have no effect on their business operations.

“As a result of recent and ongoing data breaches, digital privacy remains top of mind for consumers,” said Jim DeLorenzo, solutions manager for GDPR at Thales eSecurity.

“With the deadline for compliance with the GDPR fast approaching, law firms and compensation companies will begin to focus their efforts on fighting for consumer rights, and organisations could find themselves facing multiple legal challenges in addition to the hefty fines provided by the regulation.

“The GDPR is a change of legislation that well and truly puts the onus on organisations to get their houses in order, and the clock is ticking,” he said.

DeLorenzo said that to help businesses make sure they are ready for GDPR, Thales eSecurity has compiled some guidelines and resources.

Toronto lawyer’s website ‘trivialized’ sex crimes, law society alleges

The website of a Toronto criminal-defence lawyer trivialized sex crimes and violated the legal profession’s rules on advertising, the Law Society of Upper Canada alleges.

Veteran defence lawyer Craig Penney faces disciplinary proceedings before a law society tribunal over what he called “case studies” that were posted between 2014 and 2017 on his website to appeal to prospective clients, mostly men, who were charged with sexual assault.

The law society alleges in a notice filed with the tribunal that the material Mr. Penney posted “tended to trivialize crimes of a sexual nature and minimalize the experience of members of the public who have complained of crimes of a sexual nature.”

On web pages that now appear to be offline, Mr. Penney recounted the stories of former clients such as “Rico,” who was described as “exploring a woman’s home” when his “wardrobe malfunctioned, and his penis made a brief escape.”

According to a police report posted with this account, the accused had claimed to be a plumber looking for the source of a water leak to gain entry to the woman’s home before rubbing up against the victim and undoing his pants to expose himself.

The “Rico” case study, along with similar material on Mr. Penney’s website and those of other defence lawyers, was the subject of a 2014 academic paper by Elaine Craig, an associate professor of law at Dalhousie University in Halifax. Her research looked at the websites of criminal-defence firms in Canada that specialize in sex-assault charges.

Prof. Craig argued many of the websites she found relied on “outdated assumptions” about sexual assault and might be violating the profession’s codes of conduct. Her paper prompted some in the criminal-defence bar to change their websites.

Mr. Penney, who graduated from York University’s prestigious Osgoode Hall law school in 1992, has represented a wide variety of defendants in his career, including a security guard who shot and killed two men at an East End McDonald’s in 2015.

Mr. Penney did not respond to requests for comment this week. In 2014, asked to comment on Prof. Craig’s original article, Mr. Penney responded in an e-mail to The Globe and Mail by defending his website while acknowledging that he used “levity in my case studies.” He accused Prof. Craig of cherry-picking from his material.

“The information on my websites exists as a resource for people who have been charged with a criminal offence,” he said in his 2014 e-mail. “It should not come as a surprise that that information does not appeal to everyone.”

The Law Society of Upper Canada’s rules ban lawyers from advertising that is “not in the best interests of the public,” is “inconsistent with a high standard of professionalism” or that brings the profession into disrepute.

In its brief notice in the case, issued in September, the law society also says Mr. Penney’s website portrays him as “aggressive,” which is considered off-limits for legal advertising. When contacted by The Globe and Mail, the law society would provide no other specific information about its allegations.

In an e-mail, law society spokeswoman Susan Tonkin said the regulatory body also set up a new “strategic priority team” in its professional regulation division to investigate and prosecute lawyers who break the rules on advertising. The law society would not say if other lawyers with similar advertising aimed at those charged with sexual assault were also facing professional discipline.

The law society’s tribunal can mete out reprimands and suspensions or strip a lawyer of his licence to practice.

Offshore oil service firms dominate North American energy bankruptcies

HOUSTON (Reuters) – Offshore oil drilling and service companies, hurt by the energy industry’s shift to lower-cost shale and away from deepwater projects, are dominating the year’s energy bankruptcies in North America, according to law firm Haynes and Boone.

There were fewer oilfield service companies seeking protection this year than last but those that did have had larger debts. Through October, 44 oilfield services companies filed for bankruptcy in the United States and Canada owing creditors $24.8 billion, compared with 72 companies and $13.48 billion for all of 2016.

Just two offshore companies accounted for 45 percent of the total owed creditors this year, the law firm’s figures show. Deepwater offshore services firm Seadrill Ltd’s (SDRL.OL) September filing was the largest bankruptcy this year with $8 billion in debts, while Ocean Rig UDW Inc (ORIG.O) filed owing $3.6 billion.

On Nov. 12, another offshore driller, Pacific Drilling [PDSAX.UL], filed for bankruptcy protection with $3.2 billion owed to creditors. That filing was not included in the survey.

Oil prices have rebounded this year with the U.S. benchmark CLc1 up 22 percent in the last 52 weeks to about $55 a barrel. That gain has stirred onshore drilling and production but has not been enough to boost the more costly offshore and deepwater drilling.

“If you’re going to get $50 a barrel oil you want the cheapest way of getting that barrel and offshore isn’t it,” Ian Peck, chairman of Haynes and Boone’s restructuring practice group, said in an interview.

The law firm’s survey of energy bankruptcy filings in the United States and Canada also shows a sharp reduction this year in the number of bankruptcy filings by oil and gas producers and by energy pipeline and storage firms.

Twenty North American oil and gas producers have filed bankruptcies so far in 2017 owing creditors $5.6 billion, down from $56.8 billion owed across 70 filings for all of last year.

“The noise has died down quite a bit on the producer side,” Peck said.

Only four energy processing, transportation and storage companies have filed for bankruptcy through October, with debt totaling $2.71 billion, compared with 13 filings in all of 2016 for a tally of $11 billion. There were no bankruptcy filings by North American gathering, transportation and storage firms since April, the law firm said.

Reporting by Bryan Sims; Editing by Gary McWilliams and Steve Orlofsky

The world’s strongest conservation law is under attack. It needs to be fixed instead.

Peter S. Alagona is an associate professor of history, geography and environmental studies at the University of California at Santa Barbara. James Salzman is the Donald Bren Distinguished Professor of Environmental Law with joint appointments at the UCLA School of Law and at the Bren School of the Environment at UCSB.

The strongest conservation law enacted by any country, the Endangered Species Act, is under attack. Again.

Over the past three decades, bills in every Congress have sought to weaken the act, undermining a crucial law that most Americans support. The 44-year-old law needs reform, but not like this.

Passed with nearly unanimous bipartisan support and signed by President Richard Nixon in 1973, the Endangered Species Act is not just a law; it is a moral pledge to protect plant and animal species from going extinct. The law mandated use of the best available science, making clear that political and economic factors should not determine which species to protect.

This consensus did not last long. The new law had teeth. To the surprise of many, it stopped the development of a Tennessee dam in 1978 that would have wiped out a local fish. Since then, critics have denounced it as federal overreach and a threat to property rights. Supporters counter that these complaints are overstated. The act works. Since its passage, only 10 of the Endangered Species Act’s more than 1,600 protected species have gone extinct despite a tripling of gross domestic product and a population increase of more than 100 million people in the United States.

Rather than seeing the measure for what it is — a product of its time with strengths and weaknesses — it has become a polarizing issue in American politics. You’re either for it or against it. Past bills targeting the Endangered Species Act have failed due to Democratic pushback and public disapproval, but this year, with a Republican Congress and White House, may be different.

Five bills, four of which have been around in one form or another since the Reagan era, threaten to weaken the law. To look at just two, Rep. Pete Olson’s (R-Tex.) bill would prevent listing threatened species if doing so would cause significant economic effects. This would change the very purpose of the law. The Endangered Species Act would become the Endangered Innocuous Species Act. Rep. Dan Newhouse’s (R-Wash.) bill would require that federal agencies use scientific data submitted by state, tribal or county governments in its listing decisions, even if it is biased or inaccurate.

These proposed amendments would make it more difficult to add species for protection, stalling conservation efforts. More important, neither these nor the other bills would make the law more efficient or effective.

So what kind of reforms would actually improve the Endangered Species Act and further its moral mandate? As a starting place, follow the money.

As any student of economics knows, incentives matter. The fundamental political problem with the act is that its incentives don’t match its ethics. Conserving endangered species benefits everyone in society, but a small number of people bear the cost — usually the landowners whose property use could be restricted if a protected species turns up.

Having an endangered species on one’s land can too often be seen as a burden. Roughly 90 percent of endangered species may be found on private lands, so this is not a small issue. Reforms should focus first and foremost on shifting the perception of endangered species as a liability into a potential asset.

Tax incentives and subsidies are available in many areas of conservation. Forty million acres are protected under conservation easements, many encouraged by tax deductions. Farmers and ranchers accept billions of dollars for habitat protection and restoration. The farm bill’s Working Lands for Wildlife program, for example, supports species conservation on almost 7 million acres, but we don’t usually think of the Endangered Species Act through this prism. Why not shift funds or provide deductions for landowners who successfully enhance and maintain their habitat for endangered species? This would be far more targeted than traditional subsidies.

Since the 1990s, the government has developed creative programs that reduce the cost of complying with the law by giving landowners more flexibility. Millions of acres have been enrolled in conservation plans that protect habitat in some areas while allowing development in others, in markets that reward entrepreneurs who create species habitat to offset losses elsewhere and in proactive efforts to prevent species from getting listed in the first place. None of these was envisioned in the original law. Each has flaws. But these and other programs suggest a practical path forward. Why not revise the Endangered Species Act to encourage more such programs that allow firms and individuals to take the lead in advancing conservation?

Reform is not a binary choice between weakening the law or keeping the status quo. There is a better path.

SheriaSoft takes law firm tasks to cloud

SheriaSoft co-founders Dedan Kihatu Mwangi (left) and Dennis Gachoki. PHOTO | ANGELA OKETCH | NMG

SheriaSoft’s LPM is cloud-based software that caters to small and medium-sized law firms. It’s one of the ‘Big Four’ in Kenyan legal software along with WakiliCMS, E-Wakili and document assembly app Uwakili.

It was conceptualised in 2013. It has quickly risen to prominence over older, more established practice management software.

With the exception of Uwakili, SheriaSoft and the other two solutions offer very similar features — contact management, time-tracking, matter and bring-up management, automatic calendaring, and data encryption. But how does SheriaSoft shape up to the competition?

SheriaSoft focuses on the basic features of matter management and highlights the key fields. Navigation is via a side panel, which is straightforward.

SheriaSoft has a standard dashboard which summarises the user’s key data and from where certain actions can be performed quickly. The system has basic invoicing and calendaring modules.

SheriaSoft is a simple system and is aimed at the smaller firms or novice users. However, large practice firms can sign up. The subscription allows users to access the system via the web.

The co-founders made it a priority to focus more on computer and mobile responsiveness as opposed to building a native app. They say they did not want to “over-engineer” the product.

They took a mobile-first approach and designed the product to be cloud-based and mobile responsive.

At first glance, you can tell that the team took its time with the aesthetics.  It is very intuitive. The programme’s dashboard highlights upcoming tasks and schedule for the week or whatever time period you set. 

You can also set up a daily reminder for your schedule for that day, or you can receive an email that outlines your day. The search function is conveniently available from any screen for you to quickly pull up a client or matter.

It also highlights how many fee notes are open and which ones are overdue. 

SheriaSoft’s notable features include a custom client intake form. Every firm has to ask different questions in the client intake process depending on what kind of law they practice. 

SheriaSoft allows you to create as many custom intake fields as you want. The best part about their Client Intake is that it can integrate with the contact form you put on your website. 

The software’s automated communication system allows you to send updates straight to a client.  Of course, you get to choose how much or how little you want to send to the client. An Internet chat lets staff within the firm communicate in an internal chat box similar to Google’s Gchat. 

Many legal software companies offer a tiered pricing system with some features only enabled on the premium version.

SheriaSoft gives you access to every feature for Sh1,250 per user for law firms and Sh2,000 per user for legal departments.  This is competitively priced. They have integrated it with PesaPal where users can pay for subscriptions in advance.

Despite its youth, SheriaSoft is the best investment for firms going forward.

Oxford University votes against elitist gowns at law debates

By: PTI | London | Published: November 15, 2017 10:31 pm

The prestigious Oxford University has voted to lobby for a ban on students in the Law Faculty wearing elitist gowns for debates as part of the course work. Oxford Students’ Union (SU) passed a motion with 38 votes in favour of working towards a ban on the wearing of scholars’ gowns which distinguish high-performing students from the more average ones at moots, or mock trials staged by students.

The union branded the practice as “damaging” because it creates an “unconscious bias” among examiners, according to the university students’ newspaper ‘Cherwell’.

The motion, passed last week, has mandated the Oxford SU vice-president for Access and Academic Affairs Catherine Canning to petition the Law Faculty to change their policy on wearing gowns in moots, which are mock law cases that all law students are required to take part in to complete their degree at the university.

“As with viva examinations, the fact that you are judged in person in moots means that the gown worn may have more significance or lead to unconscious bias. This issue should be distinguished from scholars’ gowns in written exams where examiners do not see the candidate,” said Canning. The motion was proposed by Thomas Howard, a second-year law student at Magdalen College, Oxford University.

According to the motion, “judges, sometimes from leading law firms and chambers, may have unconscious bias based on the gowns worn”. Howard argued that it seemed unfair to differentiate between participants of a moot, as there is no direct correlation between exam performance and oral argumentative ability.

“This is damaging for those in a commoners’ [outfit] and can be for the scholars too since the judge may expect more of them,” he said while speaking about the unconscious bias. The Students’ Union had organised a student-wide consultation about abolishing scholars’ gowns across the board earlier this year.

Many who were in favour of the change criticised scholars’ gowns for creating “an academically hierarchical environment”. But the consultation had revealed that 63 per cent of students were in favour of keeping the current scholars’ gown system, so a wider ban on the wearing of gowns during examinations was dismissed.

Contracting Firms Should Prepare for the Inevitable Crisis

Susan Shelby

Bodily harm and serious property damage are major risks when dealing with heavy equipment and busy construction jobsites, despite strict adherence to safety priorities and regulations. Construction firms designate ample time and resources to their safety programs, supervisors and training but frequently fail to plan for handling a crisis.

Crisis situations arise daily and can happen to any firm at any time. How a company prepares for, reacts to and recovers from such events will determine its reputation, trustworthiness and, potentially, its livelihood going forward. 

Many crises are preventable and recoverable if companies do two simple things: honestly assess and correct their operational risks and prepare and rehearse a crisis communications plan. This plan should determine the roles, protocols and processes so that the company can best control its narrative at a time when getting the story right matters most.

It is important that companies view crisis communications planning as a necessary and strategic part of doing business and conduct preparedness exercises to respond quickly and ethically in a challenging moment. Remember, it is in times of crisis that reputations are either earned or lost.

Before a Crisis

Leaders can prepare for a business-threatening emergency by understanding the company’s goals and operational risks, how it communicates with key stakeholders and whether it needs outside, specialized partnerships to support a crisis response.

Peter Hillan

Assess the potential threats and occupational risks and identify the employees, customers and suppliers who would be involved in outreach. Dedicate regular training time for scenarios that are most likely to occur, such as jobsite accidents, data breaches and regulatory hurdles. That preparedness helps to develop muscle memory with internal decision-makers.

Organize a crisis response team (CRT) with a designated crisis manager as the leader, an OSHA safety coordinator and a deputy crisis manager to handle the administrative tasks. Ahead of a crisis, form relationships with a law firm, an IT forensics firm and a communications coordinator, who will manage public relations, traditional and social media, and the website. Create a concisely worded, one-page document that lists the CRT, with contact information as well as brief instructions for handling a crisis.

Update the crisis plan and train regularly. Keep the plan easily accessible in the cloud, augmented with small, laminated print versions for distribution to field staff.

A crisis is not the time to learn how to talk to or establish conduits with stakeholders and the media.

Identify potential spokespeople and arrange for thorough media training. All staff should know how to report a crisis to the CRT, how to identify the crisis manager and where to refer inquiries. Consider creating an email alias to distribute updates to key staff.

During a Crisis

When an accident happens or a critical issue arises, it is time to activate the crisis team and gather information to assess the situation. The company’s goal should be to control its own narrative at a time when others are likely to create competing and less-informed story lines. In short order, companies should do the following:

  • Determine which trained spokesperson is best suited for being the public voice—someone to match the gravitas of the situation.
  • Inform employees and key partners.
  • Maintain active outreach throughout the crisis as new information arrives.
  • Instruct staff to refer all calls to the appointed crisis communications coordinator and log all incoming media inquiries, noting time, name, media outlet, phone number, email, follow-up achieved, and any actions that are still needed.

Be prepared for television and radio crews to arrive at the jobsite and company headquarters. Ensure that the designated spokesperson is available and prepared for in-person interviews. Keep information accurate by preparing written statements and a fact sheet to be distributed to media and key stakeholders. Place a priority on responding to all inquiries as soon as possible, maintaining a polite and humble demeanor and expressing genuine sympathy for any victims.

Provide stakeholders and the media with as many timely facts as possible. Being the primary source of information will maintain the company’s visibility and its control of the narrative. Be truthful and don’t respond with a “no comment.” Be accountable if your company bears fault. Apologize and explain what happened and what is being done to fix it.

Remember that nothing is truly off the record. Anything in writing should be appropriate for the stakeholders and the media to see, whether the email is responding to an internal or an external email. Work with the company’s law firm to protect and review privileged communications. Track media coverage and request corrections to amend false information as needed.

Commit to responding to any immediate needs created by the crisis and give a detailed description of what steps the company is taking to rectify the situation. Avoid speculation and provide answers to the following questions:

  • What happened?
  • Who or what is responsible?
  • Why did it happen?
  • Were there any deaths or injuries?
  • What is the extent of the damage?
  • Is there any danger of future damage or injuries?
  • What is being done about it?
  • When will it be over?
  • Has it happened before?
  • Were there any warning signs?

Today’s world moves at the speed of a tweet. Leverage social media to gauge the sentiments of public reaction as well as disseminate updates. Carefully monitor and participate in online conversations, staying accurate and brief and avoiding emoticons and abbreviations or jargon. Pause or delete any unrelated planned posts that were scheduled to appear on any social media channels.

After a Crisis

When the crisis has passed, everyone breathes a sigh of relief. However, the process does not stop here. The recovery phase is a crucial chance to demonstrate a company’s dedication and trustworthiness and reaffirm its reputation. Review stakeholder feedback and media coverage to assess reputational damage and determine what steps need to be taken. It is often best to go “above and beyond” to reassure stakeholders.

Hold an internal debriefing to analyze what worked, what did not work and what should have been done differently, then adjust the crisis communications plan as needed. Distribute the modified plan and consider updated training.

Even with safety precautions and good business practices, accidents do happen. Prepare now to prevent any of them from turning into a reputational crisis.

Susan Shelby is the president and CEO of Rhino Public Relations, a full-service PR and marketing agency focused on meeting the unique needs of professional services firms. Follow her at @RhinoPRBoston or visit www.rhinopr.com.

Peter Hillan is a partner at Banner Public Affairs, a full-service government relations and crisis communications firm. He specializes in managing risk assessment and communications preparedness as well as responses with elected officials, corporate boards, executives and global leaders. For more information about Banner, visit www.bannerpublicaffairs.com.

U.S. intelligence warns high-tech firms of flaws in software – and often gets ignored

The U.S. government informs software companies of 90 percent of the security flaws the intelligence community finds in their products, but a significant number of vendors ignore the warnings, the federal cyber czar said Wednesday.

Rob Joyce, the White House cybersecurity coordinator, said many high-tech firms act quickly to issue patches when told of vulnerabilities. But some firms balk, leaving consumers exposed.

“We’ve gone to companies and told them, ‘Here’s a flaw. It needs to be fixed in your device.’ And they’ve said, ‘That’s great but we’re telling customers they need to buy our new, shiny, next-generation thing, right?’ So they have no intention of patching,” Joyce said.

Joyce made the remarks at the Aspen Institute, a nonpartisan think tank, in a presentation in which he pulled the curtain on the once-secretive process by which the government decides when to tell tech firms of vulnerabilities discovered in their wares.

He refuted the notion that U.S. intelligence agencies, which have been hit by recent leaks of offensive cyber tools, have kept secret their knowledge of numerous flaws in software in order to deploy it for surveillance.

“There’s rumors of this vast stockpile,” Joyce said. “Reporters in the room, please help me. ‘Hoards’ and ‘stockpiles’ should not be words in your articles. It’s factually inaccurate,” Joyce said.

Joyce, who once led the National Security Agency’s elite Tailored Access Operations unit entrusted with developing and deploying cyber weapons, said the U.S. government leads the world in debating how and when to tell tech companies about flaws in their products.

“The vast majority are communicated. We’re more than 90 percent disclosing through this process,” Joyce said.

The framework for telling industry about holes in software has long been secret. Under pressure from the high-tech industry and privacy advocates, which feared that the government had amassed powerful exploits found in their software, the government made partial details of the process public in January 2016. Wednesday’s announcement marked the first time the revised Vulnerabilities Equities Process, contained in a 14-page document, was declassified.

A White House fact sheet said an inter-agency group would consider four areas in deciding whether to disclose: defensive purposes, law enforcement and intelligence value, possible harm to industry by retaining the flaws, and whether international partnerships would be hurt by disclosure.

Joyce said in a blog post that the small percentage of software flaws that the government keeps secret from industry would be protected “as carefully as our military services protect the traditional weapons” of war.

Industry critics have said past government policies on disclosure were doing more harm than good. The debate surged in April when a murky group known as the Shadow Brokers began releasing what it said were sophisticated hacking tools filched from the NSA.

Criminal groups used some of the coding from those hacking tools in global attacks in May and June that froze the hard drives of hundreds of thousands of computers worldwide. One wave of attacks that began in the Ukraine June 27 is estimated to have cost shipping, pharmaceutical, logistics and other companies at least $1.2 billion in lost revenue.

Signs that the government had tipped off the private sector about flaws occurred earlier in the year. Microsoft, the Redmond, Washington, software giant, issued a statement in April saying it had already patched the flaws that the stolen hacking tools utilized, indicating that it had received information in advance of the Shadow Brokers’ release.

Federal officials and executives of high-tech companies have kept largely silent about how the vulnerabilities program has been implemented.

In its release Wednesday, the Trump administration said it would offer to companies “the vast majority” of vulnerabilities identified by government researchers. But in some cases, it said, such flaws would not be revealed.

“We need these capabilities to protect our troops in combat, to produce the intelligence that guides the leadership decisions of the nation, to prosecute in criminal spaces,” Joyce said.

Officials from an inter-agency group debate when software flaws should or should not be disclosed, he said, noting that representatives from the departments of Defense, State, Homeland Security, Commerce, Energy, Treasury, and Justice as well as officials from the NSA, CIA, the FBI and the Office of Management and Budget have a voice in the debate.

Missing from the committee are employees of some agencies, such as the Food and Drug Administration, that may oversee areas affected by a crescendo of global hacking.

Joyce said some agencies lacked employees with security clearances to take part.

In some cases, the government is constrained from releasing flaws it discovers, he said. Those cases include when the flaws are shared with an ally nation and that country has active intelligence operations underway, or when a flaw has been purchased from a private contractor and carries contractual stipulations.

A number of small firms of engineers and hackers, inside and outside the United States, identify and sell exploits, sometimes known as “zero days” because they give victims zero time to throw up cyber defenses. Prices can top $1 million for a major exploit.

Joyce said that as the leader of the inter-agency review process, he must review details of any flaw that the government keeps secret, and that such reviews must recur every six months.


Financial Services Firms Unable to Innovate as Technologists Lack Boardroom Influence, Warn IT Leaders in New Report

  • 78% of IT leaders believe senior executives do not understand
    technology and 81% are frustrated by unrealistic C-suite expectations
  • 86% have recently failed to get traction on a major digital project

Technology departments in financial services firms are unable to
innovate with technologies like Artificial Intelligence and Blockchain
because they have lost influence in boardrooms, according to leading
Information Technology (IT) executives working in the financial sector.

A survey of over 200 European IT decision makers commissioned by Excelian,
Luxoft Financial Services reveals that 86% of respondents have
recently championed a major digital project that failed because it did
not get past the boardroom. IT executives believe misconceptions about
technology by executives are partly to blame for these failures – 78%
agree that senior executives do not understand technology and 81% are
frustrated by unrealistic demands to innovate with new technologies
whilst also having to cut costs.

Excelian, Luxoft Financial Services – the financial services
division of Luxoft, a global IT service provider – today published
Confessions of a CIO, a report which reveals the biggest frustrations
of IT executives working in capital markets, wealth management and
corporate banking in the UK, Germany, Austria and Switzerland.

The report shows IT executives working in the UK are particularly
frustrated by senior colleagues being unable to grasp new technologies –
85% of respondents in the UK agree that senior executives do not
understand technology well enough, compared to 76% in Germany, 75% in
Austria and 87% in Switzerland.

With a lack of understanding of technology come unrealistic
expectations about how it should be implemented. 81% of respondents are
frustrated by unrealistic expectations from the C-suite, with 22% going
further by saying a lack of support from senior executives keeps them
awake at night. As such, IT professionals are not being given the tools
they need to innovate and some financial institutions are being left
behind in the digital revolution by faster acting competitors.

“Tensions in financial services IT departments are reaching boiling
point,” said Roman Trakhtenberg, Group Managing Director and Global Head
of Excelian, Luxoft Financial Services. “Technologists
in finance want to be the gateway to innovation but right now they are
unable to influence decisions at the top. Instead, IT professionals in
finance are stuck dealing with internal legacy systems and imminent
cyber-risks, and are not getting the support they need to implement real
change.”

The report also shows that although top executives want the company to
innovate with technology and most understand its importance to the
business, IT departments remain underfunded. 85% of respondents say that
the CEO understands the importance of technology within the business,
but 78% are frustrated by a lack of IT investment – 31% also say budget
cuts keep them awake at night. UK based respondents working for small to
medium sized financial institutions were particularly frustrated, with
nearly all (97%) agreeing they needed more investment – whereas only 76%
of UK respondents working for larger firms expressed the same
frustrations.

The case for increased IT investment at banks in Europe was recently
strengthened in September as the European Commission announced it is
looking at ways to treat expenditure on IT systems as a cost rather than
investment – meaning IT spend may
no longer be deducted from banks’ capital ratios when calculating
capital requirements, which may free up additional budget. This could be
a particularly important EU initiative as 75% of respondents today are
frustrated that technology is treated as a commodity by the business,
meaning they believe financial institutions do not take into account the
future value of technology and see it only as a cost when looking at the
company’s balance sheet.

Despite this, Confessions of a CIO shows that mounting pressures on IT
departments, including cost saving initiatives since the financial
crash, mean IT leaders have lost the ability to innovate. IT executives
are unsure about how to encourage more innovation, but 41% believe a
change in their business’s culture is needed in order to embrace digital
innovation. Half of German-based respondents say their business needs a
cultural change – only 43% of Swiss-based respondents, 37% of UK-based
respondents and 35% of Austrian-based respondents agree.

“It is harder than ever working as an IT executive in a financial
institution,” explained Roman Trakhtenberg. “They are
underfunded, underappreciated and are often not taken seriously by their
non-technical senior colleagues. CIOs and technology leaders need
to strengthen their hand in the industry if we are to finally propel the
financial sector into the digital age.”

About the Research

Excelian, Luxoft Financial Services commissioned independent research
agency Censuswide to conduct a survey of 202 IT Decision Makers in the
financial services sector, specifically in capital markets, wealth
management and corporate banking in companies with over 500+ employees;
102 in the UK; 50 in Germany; 30 in Switzerland; 20 in Austria. The
survey was conducted in August 2017. Excelian, Luxoft Financial Services
also interviewed eight senior IT executives at tier one financial
institutions under conditions of anonymity to understand their specific
frustrations.

About Luxoft

Luxoft (NYSE:LXFT) is a global IT service provider of innovative
technology solutions that delivers measurable business outcomes to
multinational companies. Its offerings encompass strategic consulting,
custom software development services, and digital solution engineering.
Luxoft enables companies to compete by leveraging its multi-industry
expertise in the financial services, automotive, communications, and
healthcare & life sciences sectors. Its managed delivery model is
underpinned by a highly-educated workforce, allowing the Company to
continuously innovate upwards on the technology stack to meet evolving
digital challenges.

Luxoft has more than 12,800 employees across 42 offices in 21 countries
within five continents, with its operating headquarters office in Zug,
Switzerland. For more information, please visit the website.

Forward-Looking Statements

This news release of Luxoft Holding, Inc (“Luxoft”) contains
“forward-looking statements” within the meaning of the Private
Securities Litigation Reform Act of 1995, Section 27A of the Securities
Act of 1933, and Section 21E of the Securities Exchange Act of 1934.
These forward-looking statements include information about possible or
assumed future results of our business and financial condition, as well
as the results of operations, liquidity, plans and objectives. In some
cases, you can identify forward-looking statements by terminology such
as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,”
“should,” “plan,” “expect,” “predict,” “potential,” or the negative of
these terms or other similar expressions. These statements are subject
to, without limitation, the risk factors discussed under the heading
“Risk Factors” in Luxoft’s Annual Report on Form 20-F for the year
ended March 31, 2017 and other documents filed with or furnished to
the Securities and Exchange Commission by Luxoft. Except as required by
law, Luxoft undertakes no obligation to publicly update any
forward-looking statements for any reason after the date of this news
release whether as a result of new information, future events or
otherwise.

All trademarks are recognized and are the property of their respective
companies.

