Cyber Threat Protection for Financial Services
Cybercrime is the second most common economic crime in the financial services industry, and financial services is one of the industries most targeted by cyber criminals. Hackers are typically looking for user credentials, personal data, and confidential account information. As a result, financial services companies are exploring cyber threat protection and network monitoring tools.
Compliance Regulations
To address the increase in cybercrime and maintain transparency between a company and its clients, U.S. regulators now require that cyber attacks are made public in company filings. Financial services firms, including registered broker-dealers, investment advisers, and investment companies, must establish written policies to maintain their security posture, including:
- Maintaining security and confidentiality of customer records and information
- Protecting against potential threats to the security or integrity of customer records and information
- Defending against unauthorized access to private company and customer information that could result in substantial harm to the customer
NetWatcher provides a solution that enables mid-market enterprises in the financial services industry to meet strict regulations including Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), International Standards Organization (ISO), and other compliance programs that require log storage, management, and monitoring.
Cybersecurity Examination Initiative
In September 2015, the Office of Compliance Inspection and Examinations (OCIE) introduced a Cybersecurity Examination Initiative which focuses on:
- Governance and Risk Assessment
- Access Rights and Controls
- Data Loss Prevention
- Vendor Management
- Training
- Incident Response
The Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) are taking enforcement actions against firms based on cybersecurity governance failures and lack of appropriate technology. Below are a few examples of firms that failed to meet compliance regulations:
- A registered broker-dealer, investment adviser and transfer agent failed to implement enhanced security measures and procedures, despite experiencing a series of hacking incidents.
- A registered broker-dealer failed to employ adequate safeguards to ensure that data breaches involving confidential customer information were reported to the Compliance Department and Privacy Officer, as required by the firm’s procedures.
- A registered broker-dealer failed to investigate a data breach and sent inaccurate notifications to customers and registered representatives concerning the data breach.
- The COO of a broker-dealer failed to enhance cybersecurity policies and procedures, despite being aware of three stolen laptop computers (one of which contained confidential customer information) and a representative’s misappropriated email access credentials.
NetWatcher FINRA Service for Mid-Sized Businesses
NetWatcher's cyber threat protection helps financial institutions meet requirements outlined in the OCIE sample cybersecurity examination document, including:
- Detection of unauthorized activity (monitoring for potential cybersecurity incidents; amassing and correlating data on cybersecurity incidents; detecting malware and malicious code on networks and devices; detecting unauthorized users, devices, connections, and software on the firm’s network; and using data loss prevention software).
- Cybersecurity breaches (malware; denial-of-service attacks; unauthorized network access; fraudulent emails attempting to transfer customer funds or securities; software or hardware malfunctions that impair network or web resources; and theft, loss, or unauthorized use or access to customer information) and the firm’s responses thereto.
A 24×7 cyber threat protection and monitoring service protects private client information by looking for anomalous behavior and alerting customers immediately when a potential threat arises. NetWatcher protects confidential company data and assists mid-sized businesses in the financial services industry in staying compliant.