Incident highlights lax board security

Corporate boards are increasingly being asked to play a greater role in risk management, even at the IT level. But the degree to which board information itself is secure has been questioned. Recent research from Thomson Reuters has found many instances of unencrypted board-level communications, sensitive documents stored on home computers, information stored on mobile devices, information sent via personal email and board information accessed via unsecured networks.

We raise this issue again in the context of a scoop from Reuters about a hack last year on the Nasdaq's Directors Desk service, which is used by corporate boards to share sensitive information and collaborate. While previous reports held that the damage was minor, new information has surfaced that the damage was deeper than originally thought. In particular, rogue software was installed that allowed the perpetrators to spy on directors who logged onto the service. The software was eventually removed. It's unclear what, if any, information was actually stolen. But the FBI and the NSA are continuing to investigate. This has some of the earmarks of an advanced persistent threat, the perpetrators of which are increasingly seeking high-level information and intellectual property.

Executive Assistant FBI Director Shawn Henry told Reuters that the financial services sector was losing hundreds of millions of dollars to hackers every year and that the attacks were increasingly destructive. "We know adversaries have full unfettered access to certain networks. Once there they have the ability to destroy data. We see that as a credible threat to all sectors, but specifically the financial services sector."

For more:
- here's the article