ELTENI’S CYBER SCOOP
Latest News
In this newsletter: FINRA and the SEC update their enforcement strategies, and artificial intelligence (AI) continues to have a profound effect on cybersecurity attack landscapes and defenses.
REGULATORY CORNER
FINRA Unveils Changes to Enforcement Program
The Financial Industry Regulatory Authority (FINRA) announced changes to its enforcement program on March 2, as part of its broader “FINRA Forward” initiative. FINRA believes these “common-sense improvements,” which follow similar updates from the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) to their enforcement programs, will advance three core objectives: transparency, efficiency, and greater opportunities for member firms to be heard. By enabling faster and more efficient resolution of issues, FINRA believes these enhancements will strengthen investor protection and market integrity, while expediting the identification of compliance issues and risk mitigation. The highlights:
Increased Transparency – FINRA will begin offering an introductory meeting for potential firm respondents at the outset of an investigation.
Increased Efficiency – FINRA has introduced a specialization program covering 11 areas of expertise, allowing cases that require specialized knowledge to be assigned to staff with deeper expertise, improving internal collaboration and driving consistency across similar cases.
Increased Communication – FINRA also implemented changes that give firms the opportunity to provide input before disciplinary decisions are finalized. This would allow for discussion of preliminary findings and give firms and individuals the chance to provide context or challenge conclusions.
Notes
FINRA’s March 2026 enforcement changes are best viewed as a process upgrade, not a relaxation of oversight: the agency is creating earlier dialogue, more frequent status updates, and clearer checkpoints, which should make matters more predictable for firms that are well prepared. For executives, the practical takeaway is that regulatory outcomes will increasingly depend on how quickly the organization can assemble facts, preserve evidence, demonstrate effective governance, and show credible remediation across legal, compliance, cyber, and operations. In that sense, firms with mature incident response, strong recordkeeping, and disciplined third-party risk management should benefit from the added transparency, while firms with fragmented controls or weak documentation may find that the new process exposes issues faster and more clearly.
ENFORCEMENT NEWS
SEC to Give Probe Subjects More Notice as It Updates Enforcement Manual
In February 2026, the U.S. Securities and Exchange Commission said it will give the subjects of investigations more time at the outset to respond to notices of potential charges and an opportunity to meet with staff within four weeks, as part of a broader update of its internal enforcement protocols.
The SEC’s move to update its enforcement manual, which was last published in 2017, is the latest change to the way Wall Street’s top regulator polices financial markets under Republican Chairman Paul Atkins, who has long argued the SEC can be too opaque in its dealings with the subjects of enforcement probes.
Among the other changes to the manual were new details outlining a process for giving a firm under investigation a waiver from consequences of an enforcement action, such as losing certain securities registration benefits, at the same time it weighs a settlement with the agency.
Notes
This SEC change looks less like deregulation and more like a shift toward a more structured, defensible enforcement process: probe targets will ordinarily get four weeks to respond to a Wells notice, Wells meetings are to be scheduled within four weeks of a submission, the SEC has formalized how it evaluates cooperation and civil-penalty credit, and it is again allowing settlement offers and related waiver requests to be considered together, all as part of a broader Enforcement Manual update that the agency says it will review annually going forward. The practical takeaway for executives is that the extra notice only helps firms that can use it well: organizations facing cyber, disclosure, or controls-related scrutiny will need to move quickly to preserve evidence, validate facts, coordinate legal/compliance/forensics, and present a credible remediation story, because a more transparent process tends to favor firms with mature incident response and documentation discipline rather than firms hoping procedure alone will reduce exposure.
SEC to give probe subjects more notice as it updates enforcement manual | Reuters
CYBER NEWS
Sygnia has uncovered a live network of cloned scam websites supposedly belonging to law firms. Business impersonation scams are nothing new, but this campaign comprises more than 150 related domains in total. The domains are registered through multiple registrars across different IP ranges; each site uses a distinct SSL/TLS certificate; and many are deployed behind Cloudflare, obscuring the servers, hiding their relationships and making takedowns more difficult. Each cloned website aims to appear as a standalone domain rather than as part of a wider campaign.
How AI Assistants are Moving the Security Goalposts | KrebsOnSecurity
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files and online services, and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.
CrowdStrike says attackers are moving through networks in under 30 minutes | CyberScoop
The average breakout time — how long it took financially motivated attackers to move from initial intrusion to other network systems — dropped to 29 minutes in 2025, a 65% increase in speed from the year prior. “The fastest breakout time a year ago was 51 seconds. This year it’s 27 seconds,” Adam Meyers, head of counter adversary operations at CrowdStrike, told CyberScoop. Defenders are falling behind because attackers are refining their techniques, using social engineering to access high-privilege systems faster and move through victims’ cloud infrastructure undetected.
Cybersecurity 2026: AI, CISA, manufacturing sector all in the hot seat | Cybersecurity Dive
New year, new and more complex challenges for cybersecurity leaders, starting on the technology front: AI tools are revolutionizing ways of working for security operations teams while unfortunately also empowering cyber threat actors to amplify their attacks. At the same time, the very foundation of financial protection in the face of a cyberattack — cyber insurance coverage — has reached a tipping point. Insurers are now more closely scrutinizing policyholders’ security postures, pressuring CISOs and executives to invest more in defense tools and potentially face higher premiums.
DECODE THE TERMS
RAT (Remote Access Trojan) – A type of malware that lets an attacker remotely control a victim’s device.
XSS (Cross-Site Scripting) – A web security vulnerability where attackers inject malicious scripts into websites.
SQLi (SQL Injection) – An attack that inserts malicious SQL commands into an application to access or alter database data.