#safeguarding-review

#safeguarding-review

Hasbro detected an intrusion on March 28, prompting the company to take down some of its systems. Parts of Hasbro's website appeared down, with error messages indicating maintenance.

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

TruRisk is designed to aggregate vulnerability data at the asset level and convert it into a measurable, business-aligned cyber risk score. Rather than evaluating vulnerabilities in isolation, TruRisk calculates a consolidated risk value per asset by helping security teams understand which systems pose the greatest operational and strategic risk.

As audit committees confront a rapidly expanding risk landscape, their role in corporate governance is being reshaped. Boards have often turned to current and former CFOs as independent directors, particularly for audit committees, because of their ability to translate complex operational and financial realities into effective oversight.For example, this month, J. Michael Hansen, former EVP and CFO of Cintas Corporation, was appointed to the audit committee at Paychex.

Rather than stolen data making headlines, it was business stoppage that triggered attention. Moving into 2026, the board's focus should be on ensuring business continuity and building resilience in the face of emerging risks generated by AI usage and attack vectors, quantum computing and geopolitics.

Building security into the framework of an organization prevents security from being seen as a barrier to daily activities. If an employee feels as if a security measure is inhibiting them from completing their daily tasks, they're far more likely to find a way around that measure. This can range from propping open a door to using the same easy-to-remember password for every account.

For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done. The challenge is that many security tools add complexity and cost that most mid-market businesses can't absorb. With limited budgets and lean IT and security teams, organizations often focus on detection and response.

I belong to six professional organizations. Or maybe it's 13, 19, 26, or 47. I can't be sure. The ones where I pay dues or volunteer I know well: ASIS International, the Life Safety Alliance, Chartered Security Professionals, and a couple of others. Then come the niche and industry-specific associations like the International Council of Shopping Centers, public-private partnerships such as OSAC and Infragard, and the countless ASIS Communities.