ELTENI'S CYBER SCOOP Latest News In this newsletter, we highlight the regulatory emphasis on documentation and reporting, the requirement for and potential impact of third-party risk management and putting security on the boardroom agenda. REGULATORY CORNER CISA Proposed Cyber Incident Reporting Requirement covers a wider range of entities The U.S. Department of Homeland Security’s (DHS)
ELTENI'S CYBER SCOOP Latest News In this newsletter, we highlight the Compliance issues with the SEC’s rule on material incident disclosure, The Department of Justice's continued efforts to combat the exploitation of widespread vulnerabilities and the increased sophistication of deepfake cyber incidents. REGULATORY CORNER Companies are not complying with the new SEC cybersecurity incident rule
ELTENI'S CYBER SCOOP Latest News In this newsletter, we highlight the FINRA regulatory oversight report, law enforcement continuing their crackdown on cyber criminals and the impact of Artificial Intelligence on cybersecurity. REGULATORY CORNER FINRA Publishes 2024 Regulatory Oversight Report In January, FINRA published their 2024 Annual Regulatory Oversight Report, which was formally known as the
ELTENI'S CYBER SCOOP Latest News In this newsletter, we uncover an SEC Director’s op-ed on disclosure rules. A major international cybersecurity crackdown by law enforcement. The SEC op-ed on disclosure rules. REGULATORY CORNER SEC Director of Corporation Finance weighs in on Cybersecurity Disclosures Rules The Director of the SEC’s Division of Corporation Finance provided his
ELTENI'S CYBER SCOOP Latest News In this newsletter, we uncover additional regulatory rules being approved for Clearing Agencies. Also, the numbers are in, and enforcement actions are up, including SEC settled charges against a broker-dealer and a software company for allegedly providing misleading information regarding cyber incidents. Lastly, the proposed cybersecurity rules for RIAs
ELTENI'S CYBER SCOOP Latest News In this newsletter, we uncover a major cybersecurity revelation. The SEC has taken action against SolarWinds Corporation and its CISO, Timothy G. Brown, for alleged fraud and internal control lapses tied to cybersecurity risks. Want to download this in pdf? Enter the password from the email you received.
Yesterday the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) released its 2021 exam priorities. In the letter the SEC highlighted that their focus remains the same from prior years with a slight shift in priorities and adjustment of focus. The SEC stated that they will review whether firms have
Fireye detected that Solarwinds Orion is being used by attackers to steal sensitive company data. Fireye’s threat research division found that a highly sophisticated and evasive attacker compromised the Solarwind’s Orion IT monitoring and management platform to deliver a backdoor trojan. It is suspected that the campaign has started as early as April 2020 and
A Cayman Islands investment firm's backups stored in a Microsoft Azure Blob Storage was not secured properly thus resulting in a potential leak of personal banking information, individual passport data, and other sensitive information. A researcher discovered the gaping hole left open by the firm’s Hong Kong based IT provider via a special search engine
Today the OCIE issued a Ransomware Alert, highlighting an uptick in sophisticated social engineering and other cyber campaigns, designed to infiltrate the networks of financial institutions to access sensitive information and/or to deploy ransomware. As a reminder, ransomware actors typically demand monetary payment for the return of data. We can spend time regurgitating what was
