This week, FINRA released a report focusing on the increased threats of cyberattacks in the financial industry, and preventative measures that all brokerage firms should implement to decrease their exposure to a serious cyberattack. The report emphasized that firms must treat threats of cyberattacks as a high priority. The report found that some of the factors exposing firms to increased threats of cyberattacks included:
- Advances in technology
- Changes in firms’ business models
- Changes in the use of information technology systems by firms and their customers
FINRA’s report resulted from an examination in 2014 that explored:
- The types of cyber threats
- Firms’ vulnerabilities/exposures to such threats
- Firms’ approaches in mitigating pervasive threats
The report found that key points of emphasis for members to implement included:
- A sound governance framework with strong leadership and engagement from upper management on cybersecurity issues
- The utilization of risk assessments as foundational tools to understand the cybersecurity risks faced across the range of firms’ activities
- Technical controls and a defense-in-depth strategy to provide an effective approach to conceptualize control implementation
- Developing, implementing, and testing incident response plans, including containment and mitigation, eradication and recovery, investigation, and notification to customers
- Managing cybersecurity risk exposures that arise from relationships with vendors by exercising extensive and ongoing due diligence across the lifecycle of their vendor relationships
- Establishing effective training programs to help reduce the likelihood that staff members can become inadvertent vectors for successful cyberattacks
- Capitalizing on intelligence-sharing opportunities to engage in collaborative self-defense, which helps to protect firms from cyber threats
FINRA acknowledged that there was no “one-size-fits-all” solution to address cyber threats, and encouraged firms to implement a risk management approach to cybersecurity tailored to the firms’ individual circumstances.
FINRA’s Report on Cybersecurity Practices can be found here: http://www.finra.org/web/groups/industry/@ip/@reg/@guide/documents/industry/p602363.pdf