FINRA Cybersecurity Conference: More Data, More Problems
Cyberattacks have escalated at an alarming rate in the last few years. In its recent Cybersecurity Conference, FINRA discussed the increase of cyber incidents handled by the Cybersecurity Specialist Team. In 2019, there were approximately 20 attacks. In 2021, there were 200. That’s a 900% increase in attacks in just two years.
At the conference, it was emphasized that the cyber threat landscape has grown increasingly sophisticated, complex, and harmful to our national and economic security. We previously discussed SEC’s proposed rules and alerts for cybersecurity risk management, and it should be clear that financial services firms must make cybersecurity a top priority.
FINRA also noted the following trends from the last year:
- Increased trading volume
- Increased number of imposter websites
- More ransomware infections
- Greater number of customer and firm account takeovers
- More digital currency/asset fraud schemes
How should financial services respond?
The financial services industry has been increasing its dependency on digital connections — especially as more companies commit to hybrid work. As the value of the data in those digital communications increased, cyber criminals’ desire to access that data has expanded, and they are constantly modernizing their attacks.
Firms need to consider the following:
- Whether they will continue to allow remote or hybrid work
- BYOD policies for mobile devices
- The ongoing introduction of new collaboration tools
- Reliance on mobile and cloud technology
While the pandemic pushed firms into allowing more of the above activities for business continuity reasons, firms need to shift gears and be more thoughtful in how they integrate these practices into their communication strategies. FINRA advises firms to ask themselves:
- What security controls have we put into place regarding these activities, such as remote access, virtual private networks, and multifactor authentication?
- Have we reviewed our policies and procedures to make sure we’re capturing any new activities?
- Have we increased our security training and awareness programs to reflect new activities?
Also, firms need to think about their basic data protection hygiene:
- Make sure information is encrypted at rest and in transit
- Make sure encryption certificates are current
- Consider leveraging data protection tools (e.g., ADR tools)
- If using cloud technologies, consider data loss prevention capabilities
Create an incident response strategy
In FINRA’s 2022 Exam Priorities Report, it was noted that effective cybersecurity practices should include incident response planning. Below are some insights regarding possible best practices from the conference.
Incident response plan
Make sure your cybersecurity program includes a clear incident response plan (written documentation) that implements measures to detect, respond to, and recover from a cybersecurity incident.
Include incident response training as part of your policies and procedures. One suggestion at the conference was to routinely run through scenarios with employees to identify issues and provide more robust insights into how you can improve your response plan. Another great suggestion was to make sure you maintain a paper copy of your incident response plan and key contact information so that you have it should your computer access be down.
We’ve all probably heard by now that most cyberattacks originate with internal employees. Firms can implement policies and procedures and conduct extensive training, but employees are still emotionally susceptible to cyberattacks.
It’s important to consider how emotions and behaviors can play into cyberattacks. Attacks often include elements that make you feel pressured or intimidated to get you to perform prohibited actions. One panelist suggested adding a training element to address emotional triggers and implementing escalation procedures to bring in an outside perspective when these triggers occur.
Develop trusted vendor partnerships
It’s crucial for firms to collaborate with their IT vendors to understand how their technology solutions are used and what controls are in place. It is important to fully understand the risks associated with these relationships so that business conversations have the appropriate risk context during decision-making.
Collaboration tools in particular have sensitive data that’s being transmitted or stored. Consider implementing formal policies and procedures that review and reassess a vendor’s cybersecurity controls.
Cybersecurity needs to be top of mind
During an era when cyberattacks continue to climb, firms are creating, using and archiving more data than ever. There’s no conflicting message among regulators. Both the SEC and FINRA are emphasizing the increase of attacks and stressing the importance of cybersecurity. Firms must monitor for threats and breaches on their technology infrastructure holistically — including third-party vendors.