Friday, January 10, 2020

Workplace Cybersecurity Newscast

A Security News Roundup for Financial Advisors 

DFS Issues Risk Alert Concerning Possible Iran Cyber-Attacks
Data Privacy and Security Insider: In view of Iran’s vows to retaliate against the United States for the death of Qassem Soleimani, the NYDFS has issued an industry letter to all regulated entities regarding the need for heightened cybersecurity precautions. The letter notes that it “is particularly concerning that Iran has a history of launching cyber-attacks against the U.S. and the financial services industry,” citing 2012-2013 Iranian-sponsored cyber-attacks against several major U.S. banks

 

Cybersecurity Threats Facing Financial Advisors in 2020
Xtiva: Cyber attacks aren’t just for big-name businesses. Cybersecurity threats affect all businesses, big and small. If you’re a financial advisor, you need to pay close attention to how you handle sensitive financial information. Protecting your information and your clients’ information has never been more important.

 

Anticipating the First Cybersecurity Enforcement Action by NYDFS
Law.com: The question gets asked quite frequently in regulatory circles: “Will the New York State Department of Financial Services bring an enforcement action under its cybersecurity regulation, and if so, when?” The probable answers are “yes” and “soon.”

 

UK government investigates possible cyberattack link to London Stock Exchange outage
CNBC: The UK government is reexamining the London Stock Exchange outage to ascertain whether or not a cyberattack, rather than a software glitch, was the cause. The LSE's outage occurred on August 16, 2019. A "software glitch" was blamed in which Friday early-morning traders were left unable to buy or sell shares for over an hour and a half. Both the FTSE 100 and FTSE 250 indexes were impacted.

 

Lawmakers Prod FCC to Act on SIM Swapping
Krebs on Security: Crooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via “SIM swapping,” a particularly invasive form of fraud that involves tricking a target’s mobile carrier into transferring someone’s wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless industry practices, has so far remained largely silent on the matter. Now, a cadre of lawmakers is demanding to know what, if anything, the agency might be doing to track and combat SIM swapping.

 

Tricky Phish Angles for Persistence, Not Passwords
Forbes: Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.

 

Cybersecurity Newscast provides top security news and information specific to the financial services industry. Through a variety of primary and secondary news sources, we aggregate relevant news and then determine the best stories to be featured by covering a mix of headline news as well as less reported, yet relevant news stories specific to security and compliance. 

Workplace by OS33 is the market-leading cloud security and compliance platform for investment advisory firms, broker dealers and insurance companies with independent agents, representatives and advisors.