Cybersecurity News Alert December 2018:
On December 20th, the Financial Industry Regulatory Authority (“FINRA”) released a report detailing the effective cybersecurity practices and common risks observed during recent examinations. The report focused on the following key areas:
- Branch Controls
- Phishing Attacks
- Insider Threats
- Penetration Testing
- Mobile Device Security
Branch Controls: Maintaining rigorous cybersecurity controls is a firm's best defense against attacks and human error. Establishing policies, controls, and an overall cybersecurity program promotes firm cybersecurity awareness and fosters a “security first” environment. In this section FINRA reviews:
A report by U.K.-based Sapio Research found that more than 30% of local financial firms suffered up to 10 cyber attacks in the last 12 months, Finance.co.uk reported. The report found that financial firms experienced an average of five attacks apiece. Nearly half of IT executives said that small businesses do not know how to implement or use cyber security software.
SEC’s First Red Flags Rule Settlement: Broker-dealer Voya’s $1-million settlement with the SEC for alleged violations of the Safeguards Rule and the Identity Theft Red Flags Rule shows that the SEC is willing to act when it believes firms could have done more to prevent attacks.
“The SEC expects companies to not only have in place commercially reasonable standards, policies and procedures for cybersecurity, but to implement them along with compliance and audit procedures to assure that they are working as intended,” Jason Elmer, managing partner at Drawbridge Partners, told The Cybersecurity Law Report.
We analyze the case, which involved a network intrusion by people impersonating third-party contractors, and its lessons, including the mistakes Voya made, how companies can avoid them and what the case says about SEC cybersecurity enforcement.
SEC Cybersecurity News Alert: Today, the Securities and Exchange Commission (SEC) announced that a Des Moines-based broker-dealer and investment adviser has agreed to pay $1 million for its failures in cybersecurity policies and procedures surrounding a cyber-breach.
Facebook Cybersecurity Risk Alert: On Tuesday, September 25th, Facebook discovered a security breach affecting approximately 50 million users. Attackers exploited a vulnerability in the “View As” feature of Facebook, which allows users to view their profile from the perspective of another user. As a result of the exploit, the attackers stole Facebook access tokens, which could have allowed them to gain control of the user accounts. Access tokens are digital keys that keep users logged in to Facebook so that they do not have to re-enter their password every time they use the application.