Last week, the New York State Department of Financial Services (NYDFS) finalized amendments to its 2018 regulations on cybersecurity to enhance cybersecurity governance, mitigate risks, and protect New York businesses and consumers from cyber threats.
On October 30, 2023, the Securities and Exchange Commission (“SEC”) announced charges against SolarWinds Corporation and its chief information security officer, Timothy G. Brown. The charges were for a combination of fraud and internal control failures related to allegedly known cybersecurity risks and vulnerabilities.
On Saturday, August 19, 2023, a Kroll employee fell victim to a sophisticated “SIM swapping” cyber-attack targeting their T-Mobile US, Inc. account. This attack involved the transfer of the Kroll employee’s phone number by T-Mobile to the threat actor’s device at their request.
The SEC states that a “covered technology” includes a broker-dealer’s or investment adviser’s “use of analytical, technological, or computational functions, algorithms, models, correlation matrices, or similar methods or processes that optimize for, predict, guide, forecast, or direct investment-related behaviors or outcomes of an investor”.
On July 26th, 2023, the SEC adopted rules requiring public companies “to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance”.