Cybersecurity and Risk Insights and Alerts
Cyber risks and threats continue to evolve, and firms are under pressure to meet SEC and FCA expectations for operational resilience as well as their own internal and client expectations for cybersecurity and privacy. Stay current on the latest cybersecurity, privacy, and risk threat and regulatory alerts, and build your cybersecurity and privacy knowledge with insights from our cybersecurity and technology risk experts.
ACA Aponix Cybersecurity Checklist
Cyber alerts and insights
SEC OCIE Warns of Increased Risk of Credential Stuffing
The SEC OCIE has issued an alert warning of an increase in the use of the “credential stuffing” tactic in attacks against SEC registrants, including broker-dealers, investment advisers, and investment companies. Credential stuffing can significantly increase financial, regulatory, legal, and reputational risk to firms, and OCIE has made recommendations for protecting client accounts.
- Cybersecurity
- Phishing
FINRA Warns of Fake Agency Website
FINRA issued an alert regarding the appearance of a fake website purporting to be from the authority. The fake website uses the domain “finnra.org”, in which the letter “n” appears twice.
- Cybersecurity
- Phishing
Highlights from the 2020 NSCP / ACA Aponix Cybersecurity Compliance Programs Survey
Benchmarking your firm’s cybersecurity program against those of your peers is a smart way to identify the compliance gaps your firm should address. Here are the results of the 2020 NSCP / ACA Aponix Cybersecurity Compliance Programs Survey.
- Cybersecurity
Is It Time to Reset Your Password Reset Policy?
Many authorities are questioning whether mandatory password reset policies are worth the hassle. Get ACA's guidance on when, if ever, you can remove or relax your password reset policy.
- Cybersecurity
Third-Party Risk Management: Collaborating for Results
Running vendor management or third-party risk management (TPRM) programs can be a complicated process for both consumers and providers of services. Here are some of the current challenges with due diligence and opportunities to improve the process for all parties involved.
- Cybersecurity
Critical Vulnerability Identified in Windows Servers
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert identifying a critical vulnerability affecting all versions of Microsoft® Windows Server® configured with the Domain Name System (DNS) role enabled. The vulnerability could potentially allow a remote attacker to gain control of affected systems.
- Cybersecurity