This week, FINRA released a report focusing on the increased threats of cyberattacks in the financial industry, and preventative measures that all brokerage firms should implement to decrease their exposure to a serious cyberattack. The report emphasized that firms must treat threats of cyberattacks as a high priority. The report found that some of the factors exposing firms to increased threats of cyberattacks included: (1) advances in technology; (2) changes in firms’ business models; and (3) changes in the use of information technology systems by firms and their customers.
FINRA’s report resulted from an examination in 2014 that explored: (1) the types of cyber threats; (2) firms’ vulnerabilities/exposures to such threats; and (3) firms’ approaches in mitigating pervasive threats. The report found that key points of emphasis for members to implement included: (1) a sound governance framework with strong leadership and engagement from upper-management on cybersecurity issues; (2) the utilization of risk assessments as foundational tools to understand the cybersecurity risks faced across the range of firms’ activities; (3) technical controls and a defense-in-depth strategy to provide an effective approach to conceptualize control implementation; (4) developing, implementing, and testing incident response plans, including containment and mitigation, eradication and recovery, investigation, and notification to customers; (5) managing cybersecurity risk exposures that arise from relationships with vendors by exercising extensive and ongoing due diligence across the lifecycle of their vendor relationships; (6) establishing effective training programs to help reduce the likelihood that staff members can become inadvertent vectors for successful cyberattacks; and (7) capitalizing on intelligence-sharing opportunities to engage in collaborative self-defense which helps to protect firms from cyber threats.
FINRA acknowledged that there was no “one-size-fits all” solution to address cyber threats, and encouraged firms to implement a risk management approach to cybersecurity tailored to the firms’ individual circumstances.
FINRA’s Report on Cybersecurity Practices can be found here: http://www.finra.org/web/groups/industry/@ip/@reg/@guide/documents/industry/p602363.pdf