Cyber threats in the financial sector can mean a compromise of investor information, exposed trading algorithms, and systematic failures. More and more broker dealers are realizing security of their framework cannot rest solely on the heads of the IT department. When the potential damage to a firm from a cyber attack includes loss of customers, liability for losses, and fines from regulatory authorities; CEO’s and compliance officers need to closely monitor their cybersecurity program.
Spending on cybersecurity risks is expected to top $40 billion by 2017. To address issues and add stronger emphasis on cyber threats, FINRA released the “Report CyberSecurity Practices, February 2015” which outlines areas of risk and steps regulated firms need to take in protecting themselves and investors against threat. FINRA states that cyberthreats include criminals whose objective is to steal money, advance political or national objectives, or disrupt and embarrass a firm. FINRA recognizes that the tools available to hackers have become increasingly sophisticated, while insiders of a firm can also pose a similar threat. Its time for firm executives to stand up and take a leadership role to protect their company and investors from threats and attacks.
All in all, studies indicate brokerages, banks, and money managers have been lax in certain areas surrounding cybersecurity. However, financial institutions and entities are consistently among the top 3 most often impacted by cyber attacks. What is your firm doing to prevent attacks?
Studies find, it costs companies more in the long run to continually have to react to intrusions, when it would be much more efficient to invest resources in detection, prevention, and education. Ensuring IT is up to date on system patches, and educating customers and staff to recognize and report suspicious activity are easy steps CEO’s and compliance officers can take to prevent costly repairs to company data and reputation. Prevention of attacks from outside threats is key to management.
Successful cyber attacks are happening all around
Target 2013 – hackers break in to the point of sale system. The breach was found to be malware that worked its way in through the 3rd party software of Target’s heating and air conditioning service provider. The malware siphoned log in credentials and gained remote access to Targets servers. Investigators found the Target IT department was 1 year behind in implementing system patches. Are your system patches up to date?
Phishing Emails – nearly 25% of people who receive phishing emails open them and 11 percent download or click embedded links. Virus’ and malware in these links are then spread from computer to computer through more and more emails and file transfers. Do your customers and staff know how to recognize a phishing attempt?
The 2015, Verizon Enterprise Data Breach Investigations Report indicates 96% of companies surveyed that had been attacked, did not know of the attack until law enforcement notified them. What is your plan to address an attack after it has occurred?
Most firms need more than just IT advice to implement a sound cyber security approach for regulatory needs. At RND Resources, we specialize in working with broker-dealer firms and money managers to implement risk management programs that meet regulatory requirements. We analyze a firms’ cyber weaknesses and structure a practical plan to resist attacks and minimize threats. Our philosophy puts your firm and investors first in compliance and regulatory needs.
Register for our upcoming CyberSecurity and Risk Assessment Seminar in Woodland Hills, CA, June 17, 2015 to learn more about what your firm can do to thwart off cyber threats. We’ll be training compliance professionals, CFO’s, and CEO’s on guidelines and practical approaches to maintaining a sound cybersecurity governance program. Learn the steps you need to know from Dave Banerjee, CPA, as well as Sylvia Scott J.D. a former FINRA enforcement attorney, members of the FBI Cyber Crimes Unit, and Laxmi Ramanath founder of Lameera.com Risk Management Software.
RND Resources is a full service compliance and registration support firm for regulated financial companies. We handle PCAOB audits, risk assessments, assurance services, and FINOP duties for small to mid-size Broker-Dealers, RIAs, Hedge funds, and Money managers. Choose from a full suite of services to suit the needs of your firm. We are a leading securities brokerage support firm and have been here to help since 1985.