Last week wiredFINANCE looked at the data breaches Verizon had turned up in its latest data breach investigation. Often you don’t even realize your data has been compromised until the data is being misused, and not always even then.

If you needed any reinforcement of those findings, IBM just released its mid-year X-Force Trend and Risk Report. It turns out that public and private organizations around the world faced increasingly sophisticated, customized IT security threats in 2011. The report documents a rapidly changing security landscape characterized by high-profile attacks, growing mobile vulnerabilities, and more sophisticated threats, such as whaling, which is a form of phishing attack that focuses on a small targeted group within an organization. Phishing attacks spoof the intended victims’ trusted websites for the purpose of deceiving them into giving up valuable data.

The IBM X-Force team serves as the eyes and ears for thousands of IBM clients – studying security attack techniques and creating defenses before many vulnerabilities are even announced. You can access the latest X-Force report here. One way to counter these threats is through the 20 Critical Controls strategy. more

In my previous entry, I referred to findings from BDO USA’ recent survey of public company boards. This week, I chatted with Wendy Hambleton, a partner in BOD USA’s corporate governance practice, to hear what she makes of the same survey findings and how she sees risk management being treated in the board room right now.

Eric Krell: What is the chief focus of public company boards today?

Wendy Hambleton: According to our recently completed survey of public company boards, risk is currently the number-one focus. Fifty-five percent of board members say they want to spend more time on risk management, more than any other area. When you consider the numerous potential threats to the global and domestic economy, and the general uncertainty that has taken hold of the country since the 2008 financial crisis, it is completely understandable why boards are intent on leaving no stone unturned when ferreting out risks in their organizations. Since a strong majority (61 percent) of directors believe their liability has increased in recent years due to additional responsibilities they’ve been given, some of this due diligence may be the result of a self-preservation instinct. more

ATMs, not the kind at the gas station and grocery store that dispense cash in increments of $20s, but at-the-market transactions continue to grow in popularity. According to McNicoll Lewis & Vlak, LLC (MLV), an investment bank and broker-dealer, 98 ATMs were filed in 2011 through the end of August. That represented about one-fourth of all follow-on transactions, up from about 20 percent last year, says Dean Colucci, MLV’s president and chief operating officer. “ATMs are one of the most-used capital raising products that no one knows about,” he adds.

As described in this FAQ from the law firm of Morrison & Foerster LLP, an ATM is an “offering of securities into an existing trading market for outstanding shares of the same class, at other than a fixed price.”

An ATM provides a company that’s already public and eligible to issue secondary offerings (what’s sometimes referred to as “shelf eligible”) with the ability to sell additional shares at the market price, at a time and in the amount of the issuer’s choosing. more

I read a blog post by Ben Lamorte, VP of marketing and sales at Alight Planning who delivers business and financial planning applications, who asks why financial reporting tools deliver no business value . This led me to think that there are more than a few ways to waste money buying software, but I want to focus on one of the most common ones: assuming that having a new application will automatically improve your business (or believing a vendor who tells you that it will).

Just buying a reporting system, for example, does not make your organization smarter, agile or more competitive. What matters of course is what goes into the reports and how quickly actionable information is available to the right people. To achieve this requires some thought, especially about how having the technology can help you make fundamental changes. It also means having a process in place that regularly reviews and rates the value of these reports and regularly canvasses users on their information needs. more

Everybody’s talking about executive compensation – so much so that the drone of the conversation is drowning out more important discussions about risk management and succession planning.

That’s too bad because most corporate directors don’t believe that recent rules changes concerning executive compensation will help them better manage executive compensation, according to a new survey of more than 100 corporate directors at U.S. publicly listed companies conducted by BDO USA last month.

Even worse, 91 percent of compensation committee members indicate that Dodd-Frank will not strengthen their oversight of executive compensation. more