DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Financial Industry Regulatory Authority Report on Cybersecurity Practices

Posted on February 24, 2015 by Dissent

via BeSpacific:

FINRA Report on Cybersecurity Practices, February 2015 – Executive Summary:

Like many organizations in the financial services and other sectors, broker-dealers (firms) are the target of cyberattacks. The frequency and sophistication of these attacks is increasing and individual broker-dealers, and the industry as a whole, must make responding to these threats a high priority.

[…]

The landscape of threat actors includes cybercriminals whose objective may be
to steal money or information for commercial gain, nation states that may acquire information to advance national objectives, and hacktivists whose objectives may be to disrupt and embarrass an entity. Attackers, and the tools available to them, are increasingly sophisticated. Insiders, too, can pose significant threats.

This report presents an approach to cybersecurity grounded in risk management
to address these threats. It identifies principles and effective practices for firms to consider, while recognizing that there is no one-size-fits-all approach to cybersecurity.

Key points in the report include:

  • A sound governance framework with strong leadership is essential. Numerous firms made the point that board- and senior-level engagement on cybersecurity issues is critical to the success of firms’ cybersecurity programs.
  • Risk assessments serve as foundational tools for firms to understand the cybersecurity risks they face across the range of the firm’s activities and assets—no matter the firm’s size or business model.
  • Technical controls, a central component in a firm’s cybersecurity program, are highly contingent on firms’ individual situations. Because the number of potential control measures is large and situation dependent, FINRA discusses only a few representative controls here. Nonetheless, at a more general level, a defense-in-depth strategy can provide an effective approach to conceptualize control implementation.
  • Firms should develop, implement and test incident response plans. Key elements of such plans include containment and mitigation, eradication and recovery, investigation, notification and making customers whole.
  • Broker-dealers typically use vendors for services that provide the vendor with access to sensitive firm or client information or access to firm systems. Firms should manage cybersecurity risk exposures that arise from these relationships by exercising strong due diligence across the lifecycle of their vendor relationships.
  • A well-trained staff is an important defense against cyberattacks. Even well-intentioned staff can become inadvertent vectors for successful cyberattacks through, for example, the unintentional downloading of malware. Effective training helps reduce the likelihood that such attacks will be successful.
  • Firms should take advantage of intelligence-sharing opportunities to protect themselves from cyber threats. FINRA believes there are significant opportunities for broker-dealers to engage in collaborative self defense through such sharing.

FINRA expects firms to consider the principles and effective practices presented in this report as they develop or enhance their cybersecurity programs. FINRA will assess the adequacy of firms’ cybersecurity programs in light of the risks they face.

This report is not intended to express any legal position, and does not create any new legal requirements or change any existing regulatory obligations. Throughout the report, we identify cybersecurity practices that we believe firms should consider and tailor to their business model as they strengthen their cybersecurity efforts.

SOURCE: FINRA

Category: Commentaries and AnalysesFinancial SectorOf NoteU.S.

Post navigation

← Watch: Dumpster confrontation; FOX31 investigator finds customers’ personal info
Lawsuit filed over Shorter University data theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.