Cybersecurity and Risk Insights and Alerts
Cyber risks and threats continue to evolve, and firms are under pressure to meet SEC and FCA expectations for operational resilience as well as their own internal and client expectations for cybersecurity and privacy. Stay current on the latest cybersecurity, privacy, and risk threat and regulatory alerts, and build your cybersecurity and privacy knowledge with insights from our cybersecurity and technology risk experts.
ACA Aponix Cybersecurity Checklist
Cyber alerts and insights

SEC to Investment Advisers: Cybersecurity Must Be a Comprehensive, Continually Evolving Program
This was the topic of discussion between the SEC’s Keith Cassidy, Head of the SEC’s Technology and Controls Program, and ACA Aponix® partner Mike Pappacena, during ACA’s spring conference. They discussed why the threat of a cyber-attack is so acute for investment advisers, how they can best protect themselves and their clients, and what the SEC expects from investment advisers’ cyber programs. Here are some highlights from their conversation.
- Cybersecurity

Active Supply-Chain Ransomware Attack Against Kaseya VSA
Kaseya has warned of an active attack against a number of its customers using Kaseya’s VSA remote monitoring and management (RMM) platform. The attackers are using the platform to deliver REvil ransomware to systems, demanding $44,999 in funds to reclaim access to data.
- Cybersecurity

PrintNightmare: Windows Zero-Day Vulnerability Detected
A Windows vulnerability was detected that can enable bad actors to potentially take control of an affected system. Find out how to protect your systems.
- Cybersecurity

SEC Request for Information About SolarWinds Compromise
The SEC is conducting outreach to firms who may have been a victim of the SolarWinds breach with a voluntary request to produce information.
- Cybersecurity

FBI Warns of Criminals Impersonating Advisers and Brokers
The FBI has warned of recent criminal activity in which threat actors impersonate investment advisers and brokers online.
- Cybersecurity

FINRA Warns of Additional Fake Emails
The Financial Industry Regulatory Authority (FINRA) has issued an alert warning of reported additional phishing attempts using fake FINRA credentials. Per the notice, an ongoing email phishing campaign has been reported, in which the fake FINRA domain name of "gateway-finra[dot]org" is being used.
- Cybersecurity