Financial Services Cybersecurity Weekly Briefing 03-09-2018

Weekly FS Cybersecurity Blast

Cybersecurity Is ‘Top Risk’ for Financial Services Industry
The long-term approach for the SEC in terms of cybersecurity is for the markets to develop robust protocols and dedicate sufficient resources to make firms and the markets more broadly uninviting. […] The SEC’s thinking on cybersecurity is anchored to a broad set of four principles, according to Hetner. The first is that cybersecurity should be aligned to the business strategy with support from the board all the way downstream to staff.


Bitcoin Thirst Spurs Icelandic Heist—“Grand Theft On A Scale Unseen Before”
Eleven people have been arrested in Iceland as a result of what local media are calling the “Big Bitcoin Heist”—600 mining computers were recently stolen from Icelandic data centers in four separate burglaries between December 2017 and January 2018. […] So far, a Reykjanes District Court judge ordered two of the 11 arrested individuals to remain in custody. Apparently, the specialized machines have not yet been located and are worth approximately $2 million.


8 Best Practices for Working Remotely
Companies of all sizes are under attack. It is true that threat actors primarily attack large companies, but they may also target small and medium companies. Smaller companies are often more vulnerable and in a connected world, the compromise of a small company or even an individual may lead to the compromise of a larger target. Additionally, broad, untargeted attacks hit all networks, regardless of size. In this threat environment, companies use a combination of prevention, detection, and insurance solutions to mitigate the risk of breach. While good technologies and policies help, the truth is that the very employees who make the business go are a primary avenue of risk.


Millions of Office 365 Accounts Hit with Password Stealers
In this case, users are hit with the password stealer when they download and open the malicious document. When the document opens, a macro inside launches PowerShell, which acts in the background while the victim views the document. […] “What they do is they rotate the content of the email; they rotate sender information,” he continues. Signature-based systems won’t catch these messages because changing the characteristics of malicious emails changes their fingerprint.

SEC Cybersecurity Enforcement at Watershed Moment: How Companies Should Prepare
Notwithstanding ongoing investigations, outside the broker-dealer context, the SEC has yet to file charges against a public company or its directors and officers over a cybersecurity breach or incident. That said, SEC Chairman Jay Clayton upped the ante recently, announcing that, “[p]ublic companies have a clear obligation to disclose material information about cyber risks and cyber events. I expect them to take this requirement seriously.”


Banking Regulator Warns Major Cyber Breaches Are ‘Probably Inevitable’
“Just as it’s often said that it’s not the crime but the cover-up that gets you, the lack of a tested and effective response to a cyber security breach can be a bigger risk for entities than the related incident,” he said. […] Institutions will be required to undertake regular testing of their cyber defenses, have robust systems in place to detect threats, and set out which senior staff are responsible for cyber security.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.