Cybercrimes tend to increase during the holiday season, as malicious actors take advantage of the increased employee travel and distractions that are more common during the holiday season. To help protect from cyberattacks during the busy holiday season, the FBI and CISA compiled several recommendations that employees can take now to prevent from these kinds of attacks.
Read More
Cybercrimes tend to increase during the holiday season, as malicious actors take advantage of the increased employee travel and distractions that are more common during the holiday season. To help protect from cyberattacks during the busy holiday season, the FBI and CISA compiled several recommendations that employees can take now to prevent from these kinds of attacks.
Last week, the New York State Department of Financial Services (NYDFS) finalized amendments to its 2018 regulations on cybersecurity to enhance cybersecurity governance, mitigate risks, and protect New York businesses and consumers from cyber threats.
On September 29, 2023, the SEC charged five broker-dealers, three dual registrants, and two affiliated investment advisors with “widespread and longstanding failures to maintain and preserve electronic communications,” according to the SEC’s press release. The ten firms will pay combined penalties of $79 million. Each firm was also censured and served a cease-and-desist order.
The SEC recently issued a Wells Notice to SolarWinds executives, representing a seismic shift in accountability from conventional targets, to also include those responsible for overseeing cyber and data security programs, as evidenced by its explicit reference to the SolarWinds chief information security officer.
On Saturday, August 19, 2023, a Kroll employee fell victim to a sophisticated “SIM swapping” cyber-attack, targeting their T-Mobile US., Inc. account. This attack involved the transfer of the Kroll employee’s phone number by T-Mobile to the threat actor’s device at their request.
The SEC states a “covered technology” includes a broker-dealer or investment advisers’ “use of analytical, technological, or computational functions algorithms, models, correlation matrices, or similar methods or processes that optimize for, predict, guide, forecast, or direct investment-related behaviors or outcomes of an investor”.
On July 26th, 2023, the SEC adopted rules requiring public companies “to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance”.