Cybersecurity Risk Management for the Securities Industry


Increasing regulatory scrutiny of cybersecurity measures is unsurprising in light of the growing prevalence and awareness of cyber threats in the United States. From Target to Sony, recent high-profile data breaches have illustrated the potentially severe consequences of a cyber-event and the diversity in the types of attackers (e.g., hacktivists, advanced persistent threats, and criminal rings), motivations (e.g., political activism, theft of trade secrets and other information that can be monetized), and techniques (e.g., spear-phishing, zero-day exploits, and malware) that give rise to cyber-attacks. From broadly targeted SQL injection attacks, which are aimed at companies that have insecure websites and/or web applications, to sophisticated, targeted attacks on companies that may have financially or politically sensitive information, there is a wide range of potential cybersecurity threats. However, the focus on these massive attacks on prominent companies may obscure one critical point: every company has valuable data, and every company is a potential target for cyber-attacks.

