This Risk Alert highlights “credential stuffing” — a method of cyber-attack on client accounts that uses compromised client login credentials, resulting in the possible loss of customer assets and unauthorized disclosure of sensitive personal information.
The 2019 Governance Outlook: Projections on Emerging Board Matters is designed to give corporate directors and senior executives a comprehensive overview of major business and governance issues likely to demand board focus over the coming year. The report begins with an introduction from NACD, highlighting survey findings...
While financial services organizations have always been a target for sophisticated criminals, cyber adversaries’ capabilities are breaking new ground as they advance rapidly. Accenture cyber threat intelligence research points to several key threats that...
The FBI is the lead federal agency for investigating cyber-attacks by criminals, overseas adversaries, and terrorists, and the FBI’s IC3 provides the public with a trustworthy and convenient reporting mechanism to submit information concerning suspected Internet-facilitated criminal activity...
Marriott International Inc. said it’s investigating a hack of the guest reservation database at its Starwood unit that may be one of the biggest such breaches in corporate history. The attack is troubling not just because of its sheer size, but also the level of detail potentially stolen by the attackers. The hack affects some 500 million guests...
Business has changed markedly over the last few years thanks to the rise and sophistication of digital technologies. As asset managers have evolved to become more automated and utilise a plethora of solutions to manage data, they have unavoidably become more vulnerable to serious cyber attacks...
COBIT 5, building on its solid foundation by adding the latest developments affecting enterprise information and technology. COBIT 2019 helps enterprises govern information and technology regardless of where it lives. Right-size your governance program and position your entire enterprise for future success.
The CIS Controls™ are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks. The CIS Controls are developed by a community of IT experts who apply their first-hand experience as cyber defenders to create these globally accepted security best practices.
The human is the greatest vulnerability in any organization. In this era of persistent cyber threats, an organization will be secure only with the active participation of everyone. Each member of the group, from the newest employee to the chief executive, holds the power to harm or to help, to weaken or strengthen, the organization’s security posture.
The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of cyber threats. The mitigation strategies can be customised based on each organisation's risk profile and the cyber threats they are most concerned about.
In today’s interconnected world, cybersecurity has a lot of different meanings, depending on your understanding of cybersecurity and how it is used in a business environment. What is even more confusing is the number of definitions that define this term.
Private equity (PE) firms are comprised of investors who wish to achieve a financial return from buying into companies, rather than by investing in stocks or bonds. In actual practice, the targeted companies are often struggling financially but still have a tremendous upside as identified by PE investors, and they simply need an infusion of cash with perhaps some added managerial expertise or restructuring to streamline operations.
When the financial services industry undertook a cyber attack simulation called Quantum Dawn in 2013, the exercise shined a spotlight on the importance of cyber war games in helping organizations improve incident response.
The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework.
Two-thirds of asset managers believe cyber crime presents a greater threat to their business this year than it did in 2017, according to a survey conducted by Osney Media and BackBay Communications.
“Blind faith is put in third parties without having a clear and full picture of what exactly is being handed over and what level of access is being granted.”
Vladimir Rabotka, Castle Hall
This week, during a meeting of the Treasury Department's Financial and Banking Information Infrastructure Committee, leaders of the SEC and the Commodity Futures Trading Commission shared updates about their agencies' approaches to cybersecurity, as well as an overview of their examination processes, rules and other actions.
Overview of regulatory requirements, guidance and approaches to cyber security.
OCIE published a Risk Alert announcing a series of examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry.
Starting on May 12, 2017, a widespread ransomware attack, known as WannaCry, WCry, or Wanna Decryptor, rapidly affected numerous organizations across over one hundred countries...
The Superintendent of Financial Services promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. The following provides answers to frequently asked questions concerning 23 NYCRR Part 500. Terms used below have the meanings assigned to them in 23 NYCRR 500.01...
In OCIE’s Cybersecurity 2 Initiative, National Examination Program staff examined 75 firms, including broker-dealers, investment advisers, and investment companies (“funds”) registered with the SEC to assess industry practices and legal and compliance issues associated with cybersecurity preparedness...
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.