Financial Services Vulnerabilities

Financial services institutions have long been a top target for cyber threats. Access to a large amount of sensitive and confidential information makes the financial sector a target-rich environment for cyberattacks. In addition to mitigating cybersecurity threats, financial firms must also prioritize maintaining and strengthening compliance. The balance of these two priorities presents a unique set of challenges for companies in financial services.

With the inherent diversity of the financial services sector and the shifting cybersecurity and compliance landscape, identifying a one-size-fits-all set of vulnerabilities for all financial services institutions is impossible. However, there are common vulnerabilities to be aware of.

  • Reactively Evaluating Current Cybersecurity Posture:

    Institutions cannot address cybersecurity and compliance vulnerabilities of which they are unaware. Moreover, leaving these vulnerabilities unaddressed can have costly consequences. If unaddressed until an incident occurs, institutions have no choice but to utilize a reactive approach that can leave the business facing outages and shaken customer confidence. Instead, financial service firms should consider taking a proactive approach. By utilizing Coretelligent’s Cybersecurity Evaluation Checklist designed for financial services as a jumping-off point, financial service firms can do an initial assessment of existing vulnerabilities to discuss with a managed service provider (MSP).

  • Ransomware Attacks:

    As the world continues to become more digitally integrated, opportunities for ransomware attacks grow exponentially. In a ransomware attack, attackers use malware to gain access to your organization’s systems or data and hold that data until a ransom is paid by the organization. The results of these attacks are devastating. In addition to the price of the ransom, there are legal fees and other costs associated with damage control, as well as potential loss of data.

  • Access Vulnerability:

    Flaws in various levels of access to information can leave sensitive data exposed and vulnerable to attackers. Cybersecurity integration is key across all divisions and at all levels of access in an organization. Cybercriminals will seek to exploit any weaknesses identified at any level, regardless of the internal structure of the business.

  • Managing Compliance:

    The evolution of information technology has increased the compliance burden on the financial services industry. Financial service organizations are amongst the most regulated business segments in the U.S. However, simply maintaining compliance may no longer be enough. Instead, actively managing compliance risk and strengthening compliance overall is key in earning customer confidence and avoiding costly penalties.

  • Business Continuity:

    What comes next if the worst happens and a cyberattack hits your company? Is your data backed up safely? How quickly would you be able to restore access to users? A proactive and dynamic backup and disaster recovery solution is critical for preventing business interruption and loss of essential data, which could trigger a compliance violation. Off-the-shelf, onsite backup solutions often do not provide the level of performance required to meet the needs of financial and investment organizations. It is vital to establish a solution before an outage to ensure timely recovery and minimize interruption time for clients.

Addressing security and compliance vulnerabilities may seem challenging, but Coretelligent can help. Working with Coretelligent means working with an IT partner who understands both the security and compliance needs of the financial services sector. Contact us today at 855-841-5888 or fill out our online form.

Russian Cyber Attacks

President Biden released a statement Monday warning about “evolving intelligence that the Russian Government is exploring options for potential cyberattacks” on U.S. targets. He is urging the private sector to “harden your cyber defenses immediately by implementing the best practices.”

This warning about Russian cyber attacks comes on the heels of recent alerts about the possibility of increased cyber threats, but this is the first time the U.S. government has mentioned specific intelligence around cyberattacks.

“Today, we are reiterating those warnings, and we’re doing so based on evolving threat intelligence that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States,” said Deputy National Security Advisor Anne Neuberger in a press briefing Monday.

Specific details about the cyber threat intelligence were not shared. However, during Monday’s White House briefing, Deputy Advisor Neuberger said that Russia had been conducting “preparatory activity,” which could mean scanning websites and hunting for vulnerabilities. She went on to say, “There’s a range of activity that malicious cyber actors use, whether they’re nation state or criminals.”

The Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies have been urging private sector organizations to prepare for potential cyber incidents resulting from Russia’s invasion of Ukraine. They issued a Shields Up alert earlier this month but mentioned that there had been no specific threats uncovered at that point.

However, with this latest statement from the White House, the threat landscape has changed. As a result, there is no longer time to delay hardening your cyber defenses.

How to Prepare Your Organization for Possible Russian Cyber Attacks?

We have put together this checklist to help your organization evaluate its current level of preparedness considering these latest threats.

Follow good cyber hygiene and stay extra vigilant

  • Think before you click a link or open an email attachment.
  • Be wary of new social media requests.
  • Encourage employees to report suspicious emails, links, or requests.
  • Review and update passwords to ensure they are unique and complex—including home devices for those working remotely.

Reduce the likelihood of a damaging cyber intrusion

  • Institute Multi-Factor Authentication (MFA).
  • Utilize a Virtual Private Network (VPN).
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities.

Take steps to quickly detect a potential intrusion

  • Utilize antivirus and antimalware software to protect devices and networks.
  • If working with Ukrainian or Russian connections, take extra care to monitor, inspect, and isolate traffic from those organizations.

Ensure that your organization is prepared to respond if an intrusion occurs

  • Assure business continuity by designating a crisis-response team.
  • Review policies and procedures around incident response.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize your resilience to a destructive cyber incident

  • Test backups to ensure data can be restored within acceptable recovery point and recovery time objectives.
  • Identify critical vendors and understand how disruptions to their services could impact your business.

To find out how you can further protect your organization, reach out to our security experts to learn more about our multi-layered security solutions.

Critical Infrastructure Sectors Target of Cybersecurity Bill

Earlier this month, the U.S. Senate unanimously passed a major piece of cybersecurity legislation. It requires companies in key sectors identified as critical infrastructure to report significant cyberattacks to the government within 72 hours. The legislation will have far-reaching impacts across most sectors.

The introduction of the Strengthening American Cybersecurity Act of 2022 comes as federal officials broadcast the likelihood of strengthening cybersecurity requirements as a national security response. The escalating conflict in Ukraine has only increased concerns that the United States could be the target of Russian cyberattacks.

Sen. Gary Peters of Michigan, the co-author of the bills, said: “As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government.”

The legislation, which still must pass the House, would require critical infrastructure owners and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours if they experience a cyberattack.

Several members of the U.S. House of Representatives, including Yvette Clarke and John Katko, both of New York, are working with Peters and Senator Rob Portman of Ohio to pass the bill in the House.

CISA identifies sixteen critical infrastructure sectors that provide essential services and are considered so vital that crippling cyber attacks would have a “debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” Accordingly, these sectors are the target of the changes proposed within the Act.

What Are Considered Critical Infrastructure Sectors?

Organizations within these sectors will have 12-18 months after passage of the Strengthening American Cybersecurity Act to implement these and other policies and practices:

  • Adopt Zero Trust, which is a shift away from the current practice of trusting all devices and traffic within a trusted network. Instead, zero trust applies security controls to ensure that employees have the appropriate access to the resources they need and that access is continuously assessed.
  • Apply the Principle of Least Privilege in managing access to data. With this approach to information security, end-users are given the minimum levels of access possible, and grants of higher-level access are reviewed regularly.
  • Execute improved mobile security standards and enhanced mobile device management (MDM). Implementing MDM allows IT departments to monitor, manage, and secure employees’ mobile devices that contain or access company assets.
  • Identify and strengthen protections for systems likely to be targeted by ransomware. In addition, prepare for potential breaches by having an incident response plan and practice implementing it with tabletop exercises.

Reach out to our security experts to learn how your organization can get a jump on protecting your business from cyber threats and comply with all current and future requirements. Coretelligent offers robust multi-layered cybersecurity solutions to keep your organization secure and compliant. With 16+ years of experience helping clients navigate IT compliance regulations and strengthening their cybersecurity programs, we can help your firm understand and meet its regulatory requirements.

Are your backup and disaster recovery strategies robust enough to support your company in the face of a widespread disaster?

While many companies have been asking that question over the past two years, being proactive about creating and maintaining a backup and disaster recovery plan isn’t a new concept for organizations.

Thousands of companies are faced with business disruptions on an annual basis due to natural disasters or other unexpected events.

The uncertainty of the world around us demands that IT and business teams work together to form a cohesive strategy that will help maintain consistent operations in the face of overwhelming odds and unexpected circumstances — the definition of a business continuity strategy.

Even if your company doesn’t currently have a plan in place, it’s not too late to review procedures and focus on the most important tactics in the event of extended interruptions to our daily lives.

Cloud-Based Backup Reduces Risk of Data Loss

Fully automated backup and disaster recovery solutions are available, but not all services are alike.

For instance, the CoreBDR solution from Coretelligent provides your organization with granular, fast and efficient backups that help reduce the risk associated with data loss when your staff members and contractors are working remotely.

This is a shift from backup strategies that have been employed in the past, which may require the physical presence of staff members onsite at a data center.

With automation supported by industry-leading software solutions and trained IT service providers, you gain an added peace of mind knowing that your business systems can be quickly restored or accessed remotely when needed.

Supporting Your Mobile Workforce

A crisis can change in days, leaving you with little time to purchase, provision and deploy a suite of devices to staff members in remote locations.

In this situation, it’s particularly critical to ensure that staff members understand the security principles needed for secure storage of company data and how to remotely access business applications.

Without access to company laptops or desktops that already contain solutions such as cloud-based data sync and direct connections to on-premise business applications and data, employees may resort to sharing directly from their personal machines or creating data connections that are less-than-secure.

Reduce this possibility by quickly rolling out standards and protocols for creating secure connections for a variety of different working configurations.

Protecting SaaS Data

We can feel confident that companies such as Google and Microsoft will fully protect our business data in the event of a widescale disaster, but what about smaller SaaS providers?

Business data stored with mid-tier cloud software providers may also be at risk depending on the terms of your individual agreements.

Now is the ideal time to ensure that your digital assets are fully protected and that you will still be able to access vital structures and business systems during a protracted interruption in daily life — either for your company or that of your service provider.

While it would have been impossible to predict the coronavirus pandemic that swept the world, many of the strategies that you put in place with a traditional backup and disaster recovery strategy would translate well to this situation and future ones like it.

From protecting staff members and their personal information to ensuring that your remote access procedures have the highest level of security, IT teams are struggling to find their focus in this “new normal”.

Fortunately, the experts at Coretelligent have over a decade of experience working with organizations from a variety of industries to create proactive backup and disaster recovery strategies that can be quickly and securely executed based on the needs of your company.

Contact the Coretelligent team at 855-841-5888 or via email to info@coretelligent.com to schedule your complimentary initial consultation. You can also download a quick business continuity checklist or view our tips for working remotely.

increased cyberattacks

The Cybersecurity & Infrastructure Security Agency (CISA), the U.S. Intelligence Community, law enforcement, and other agencies recently issued a Shields Up alert regarding a potential increase in cyberattacks related to Russia’s military action against Ukraine and subsequent sanctions against the Russian government and related entities.

While no specific cyber threats against U.S. targets have been identified, U.S. agencies and security experts recommend that all public and private sector organizations adopt a heightened cyber security posture.

They are warning about increased data breaches, ransomware attacks, and other types of attacks, not unlike what was seen in 2017 with the NotPetya malware. Recent weeks saw distributed denial-of-service (DDoS) attacks on government websites and the discovery of HermeticWiper malware in Ukraine. In the past, Homeland Security and the FBI have accused what they called “Russian government cyber actors” of targeting energy, healthcare, and other critical infrastructure sectors in the U.S.

“From this point forward, military conflicts will extend into cyberspace,” shares Gregory H. Winger, assistant professor of political science, School of Public and International Affairs, and faculty fellow at the Center for Cyber Strategy and Policy at the University of Cincinnati in a recent article in CSO. He goes on to say about Wiper malware, “I have not seen any indications yet that this current campaign or malware has spread much beyond Ukraine. However, there are elements that appear to be patterned on NotPetya, which did go global.”

Guidance for Organizations

CISA is recommending U.S. businesses take a variety of actions considering the current situation, including, but not limited to:

Reduce the likelihood of a damaging cyber intrusion

Take steps to quickly detect a potential intrusion

    • Utilize antivirus/antimalware software to protect your entire network.
    • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations.

Ensure that the organization is prepared to respond if an intrusion occurs

    • Assure business continuity by designating a crisis-response team.
    • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize the organization’s resilience to a destructive cyber incident

    • Test backup procedures to ensure rapid restoration of critical data.
    • Test manual controls for industrial control systems and operational technology to ensure that essential functions remain operable.

Additional recommendations from Coretelligent’s security experts include:

Stay extra vigilant

    • Think before you click a link or open an email attachment.
    • Be wary of new social media requests.

Prepare for further equipment delays

    • An already stressed global supply chain is vulnerable to the U.S. chip industry’s reliance on Ukrainian-sourced neon and other exports.

Ensure readiness to respond to a cyber incident

    • Review policies and procedures around incident response.

How to Protect Your Organization?

If you are concerned that your organization’s current cybersecurity posture is not robust enough to sufficiently handle the intensified conditions, reach out to learn more about Coretelligent’s multi-layered cybersecurity solutions.

CoreArmor is a customizable cybersecurity platform that provides a solid foundation of cybersecurity protections and can resolve specific security concerns and issues based on your business needs. Powered by AlienVault’s enterprise-class Unified Security Management® (USM) platform, CoreArmor delivers the following:

  • Managed Detection and Response (MDR) – End-to-end, round-the-clock expert monitoring and threat response.
  • 24x7x365 US-based Security Operations Center (SOC) – Intrusion detection monitoring and response in real-time.
  • Security Automation and Orchestration – Provides accelerated reaction time and extended protection.
  • Cloud Protection – Real-time monitoring of cloud infrastructure.
  • Geolocation – Identify suspicious login activity.
  • Behavioral Monitoring and Endpoint Detection & Response (EDR) – Monitor, collect, respond, and analyze endpoint data to identify threats and threat patterns.
  • SIEM and log management – Allows for expert human analysis and remediation.

IT Strategy for Business: 6 Components You Can't Ignore in 2023

In-house IT teams often become caught in a cycle of responding to issues as they arise instead of taking a proactive approach due to the overwhelming volume of tasks they must handle. But this break/fix method is not sustainable. To prioritize and support business goals, organizations must look beyond day-to-day transactional IT and toward long-term IT strategy for their business.

This need is why Coretelligent offers clients Virtual CIO (VCIO) sessions which provide an organization’s in-house IT with the leadership and guidance needed to make critical IT decisions. VCIO sessions are an opportunity to discuss the state of your IT infrastructure and how to make improvements so that it’s proactively supporting your operations.

Like all strategies, your IT strategy is not a set-it-and-forget-it process. At Coretelligent, we regularly evaluate our clients’ IT infrastructure and make proactive recommendations to keep them secure, compliant, positioned for growth, and aligned with their business goals. To ensure your IT roadmap aligns with your business initiatives, here are the topics we suggest you reevaluate at least once a year.

Six topics that you should address with your IT Partner in your next IT strategy session:

Cybersecurity

Year-over-year, cybersecurity attacks and incidents continue to increase. And with more companies shifting to a permanent hybrid or work-from-home policy, more vulnerabilities are uncovered every day. Without the proper infrastructure, remote work environments can present substantial security risks. Coretelligent stays abreast of cyber threats and compliance regulations in our clients’ industries. We make recommendations to address these threats, as well as client-specific vulnerabilities.

Endpoint security is critical with the transition to a remote workforce. Your IT partner should be monitoring your infrastructure, including your endpoints, for cybersecurity incidents, and running regular vulnerability assessments. During your IT strategy meetings, they should make recommendations on how you can improve your endpoint security with tools like endpoint detection and response (EDR) platforms and security awareness training. If your IT partner is providing user security awareness training, ask if they are validating the effectiveness of that training with phishing testing.

Compliance

In an ever-changing regulatory and security climate, firms that attempt to meet the obligations set forth by regulators by using manual processes can quickly cause inconsistencies that are not easily discovered without a full audit of systems and processes. Coretelligent’s VCIO sessions provide compliance strategies for aligning your policies, procedures, and systems with regulatory standards.

Proper access management is the foundation of cybersecurity and compliance. Your IT partner should regularly evaluate your current IT strategy and create a plan to close any compliance gaps. This includes reviewing and updating your data governance policies and procedures.

Cloud Strategy

There is no one-size-fits-all when it comes to cloud strategy. Many organizations take a multi-cloud approach, having a combination of public and private cloud solutions. Depending on your business needs, you may require a hybrid cloud model with some systems on the cloud while others remain on-premise. With a variety of combinations, how do you know which cloud strategy is right for you?

Ultimately, your cloud strategy will depend on your operations, data, business goals, and budget. Coretelligent’s consultative approach to cloud solutions ensures that clients’ cloud strategies and solutions are built around their current and future business goals. If you have questions about scalability, mobility, and availability, the cloud is a topic you will want to discuss with your IT partner.

Collaboration Platforms

Daily operations rely on employees’ ability to communicate efficiently. Coretelligent provides clients with recommendations for collaboration tools that optimize workflows. Sometimes, clients can reduce costs by consolidating to one collaboration platform.

Your IT partner should make recommendations that increase productivity while maintaining security and compliance. Is your firm subject to compliance standards requiring communications archiving? An IT partner familiar with your industry and compliance standards can ensure you are securely archiving emails and video conferencing communications.

Business Continuity

In addition to optimizing your IT infrastructure for security and operational efficiency, Coretelligent uses time during your VCIO session to discuss business continuity. We evaluate the systems and procedures you have in place in the event of a breach or disaster and then make recommendations on how to improve them.

When was the last time you reviewed your disaster recovery plan? Have you tested it? Your IT partner should help you review and update your disaster recovery plan. They should ensure your backups are secure and accessible even during a disaster. Does your IT partner regularly maintain an asset inventory? Maintaining an accurate list of your assets and their locations is often required by regulatory agencies.

Digital Transformation

And finally, ensuring your business is positioned for continued success means making sure you can achieve your business goals and prepare your organization for the future. Digital transformation leverages platforms, tools, and expertly crafted IT strategy to create, implement, and maintain custom technology solutions that will keep your operations running smoothly.

Evaluation by a digital transformation consultant can help you navigate how to enhance process efficiency, improve customer experience, gain greater data insights, and even lower operational costs. Coretelligent’s CoreDTS team takes a holistic approach to assess and address common pain points that can be resolved with best-in-class technology and IT strategy.

A Comprehensive IT Strategy for Your Business

Not all IT teams or MSPs have the expertise to provide meaningful recommendations for your IT infrastructure. Too little experience could result in purchasing unnecessary or insufficient tools which can cost your business money. Organizations looking for long-term success must move away from the break-fix methodology.

At Coretelligent, IT strategy comes standard. We have years of experience developing IT roadmaps for firms in highly regulated industries like financial services and life sciences. Looking to improve your security, migrate to the cloud, or need support with IT planning and strategy? Coretelligent can help! Contact us to schedule a VCIO session.

White Glove IT Support

The term White Glove support gets thrown around in the managed service space, but what does it really mean? For Coretelligent, White Glove IT support is a foundational philosophy, a badge of honor, what drives us, and is one of the attributes that makes us stand out in the market space.

Coretelligent delivers White Glove service centered around the specific needs of clients. We understand that a one-size-fits-all IT model does not fit most businesses. So instead, we collaborate with our clients to offer customized IT solutions and an exceptional level of support to help our clients meet their business objectives.

While other MSPs may claim to offer White Glove service, the difference is entirely in the details.

What Does White Glove Mean to Coretelligent?


Around-the-clock Support and Access to Experts

Our U.S.-based service desks are staffed 24x7x365 by our own engineers. We do not use an answering or dispatch service, so there are no gatekeepers or time delays in resolving any issues you may experience.

An Extension of Your Team

We organize our service desk into “Service Pods” which means that clients interact with the same core group of engineers familiar with their environment and people. We aim to build strong relationships for a successful long-term partnership and provide your firm with a deep bench of technical experts.

Communication and Partnership

With our service delivery model, each client is assigned a Customer Success Manager (CSM) responsible for managing the business relationship. Your CSM is focused on optimizing our service delivery and ensuring the satisfaction of your workforce. They are your primary contact for any account concerns or questions.

Proactive Strategic Vision

Other managed service providers (MSP) operate using a reactive model—meaning you interact with them when something breaks. The Coretelligent approach is more thoughtful and preemptive. We offer strategic guidance and proactive ownership of your IT operations. We meet with our clients to help them develop and navigate an IT roadmap designed to ensure the best technology solutions are in place for achieving business goals.

Industry-specific Knowledge

Our deep expertise in key industries leads to managed IT services that meet your critical business needs today while positioning your organization for future opportunities.

Having an industry-knowledgeable partner is critical for companies in highly regulated sectors. For example, Coretelligent is SOC2® certified, which is crucial for verifying proper security controls for certain industries like life sciences and financial services. Additionally, our SOC2® certification represents our commitment to offering top-notch security and IT best practices to our clients.

The VIP Experience

We offer concierge-like support for clients and users looking for that extra level of detailed support, including interacting with VIP users. As part of the onboarding process, we work with clients to understand the expectations of VIP users, how they like to receive support, and their communication preferences.

Full IT Lifecycle

Coretelligent offers a full suite of solutions and has extensive experience supporting growing companies. Not all MSPs can scale, but we can. Choosing a full IT lifecycle partner guarantees continuity as your business expands or shifts in response to the marketplace. Coretelligent is prepared to provide everything from 24x7x365 technical support and cloud computing services to strategic road mapping and comprehensive compliance and cybersecurity solutions.

Holistic and Flexible

Our philosophy is to provide the service offerings that our clients need. We don’t attempt to fit you into our box but rather design the level of service you require around your vision. Whether you require fully outsourced IT or a co-managed solution, we will work with you to meet your needs. Additionally, whether you work in an AWS or Azure environment, we will meet you where you are and not push changes that suit only us.

The opportunities are endless with Coretelligent’s white-glove approach to designing, implementing, protecting, and supporting your IT operations. Our world-class experts, specialized know-how, and the industry’s best customer service will help drive your company’s innovation, performance, profit, and growth. Reach out to learn more about Coretelligent and how our solutions can work for you.

SEC Compliance Rule

Indicates significant changes to regulations for broker-dealers, investment companies, RIAs, and other market agents.

The SEC has been signaling the expansion of compliance around cybersecurity for public financial firms for some time. Increased and intensified state-sanctioned cyber-attacks, data breaches, and ransomware have spotlighted the risk to the U.S. economy, its investment markets, and its investors.

“The economic cost of cyberattacks is estimated to be at least in the billions, and possibly in the trillions, of dollars,” said SEC Chair Gary Gensler in a speech on January 24th. “Hackers have attacked broker-dealers, government agencies, meat processors, and pipelines. These attacks can take many forms from denials-of-service to malware to ransomware.”

Referencing the 2021 Robinhood breach and the SolarWinds incident from 2020, Gensler mentions that the joint work of the FBI, CISA, and the Biden administration is ratcheting up to curb the plague—not the COVID-19 pandemic, but the scourge of cybercrime.

He shares that the SEC is looking at ways to strengthen the financial markets’ cyber readiness and hints at a new and expanded compliance framework.

In terms of policy, there are three areas under scrutiny: cyber hygiene and preparedness, cyber incident reporting to the government, and disclosures to the public.

These areas call for IT solutions that prepare for, respond to, and report cyber events. Practices like access management and end-user training, which both reduce the likelihood of cyber incidents, will need to be implemented and reinforced. Additionally, a robust backup system and a disaster recovery plan should be developed or expanded for responding to any events that may happen. Depending on the specific language that ends up in new or expanded regulations, additional IT solutions will most likely be needed for compliance.

As for which types of organizations may face new and strengthened regulations, the list includes SEC registrants in the financial sector, including broker-dealers, investment companies, registered investment advisers, and others. Also in the crosshairs are public companies, third-party service providers, and other organizations that are not currently registered with the SEC but support or interact with SEC-registered companies.

Specific regulations that the SEC is proposing to change:

  1. Expanding Regulation Systems Compliance and Integrity (Reg SCI) to cover more entities, including market-makers, broker-dealers, and other financial entities. Reg SCI requires that SEC registrants have robust, sound technology programs, business continuity plans, testing protocols, data backups, and more.
  2. Implementing new regulations around cybersecurity hygiene practices and incident reporting for financial sector registrants not covered by Reg SCI, like investment companies, investment advisers, and broker-dealers.
  3. Modernizing Regulation S-P, which deals with data privacy, by changing the scheduling and content of notifications to clients about data breaches involving personally identifiable information.

These changes would significantly impact a wide array of companies and subject them to expanded or newly instituted regulations that they may not be prepared to meet.

If your organization requires assistance with keeping up with and implementing these and any other cybersecurity compliance requirements, reach out to our experts. Coretelligent has a suite of solutions, including CoreArmor and CoreBDR, designed to address the compliance and security needs of the financial sector. With 16+ years of experience helping clients navigate a whole host of IT compliance regulations and bolstering their cybersecurity posture, we can help your firm understand and meet its regulatory requirements.

Solving Cybersecurity on-demand webinar

We get it. As executives and IT professionals, you are busy. To that end, we are debuting a new series of short on-demand webinars intended to answer the most commonplace requests we receive. These webinars are designed to connect your firm’s real-world problems with the solutions that address them. They are short and available on your timetable, so there is no signing up for a scheduled webinar and then missing it because you get pulled into a meeting!

The first video is for financial services firms needing guidance on strengthening cybersecurity readiness and compliance response.

Better understand how to effectively respond to the moving target of the twin challenges of cybersecurity and compliance with our free on-demand webinar.

This short compliance and cybersecurity webinar focuses on the following topics:

  • IT Pillars of compliance
  • Cybersecurity priorities for SEC compliance
  • Tips on how to improve cyber readiness and meet compliance
  • And more!

→ Sign up here to watch the webinar.

CISA alert

Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA), the federal agency charged with protecting the nation’s cyber infrastructure, released a notice from the National Cyber Awareness System. Based on recent malicious cyber incidents in Ukraine, CISA urges organizations across all sectors and of any size to be on alert for malicious cyber activity. The agency also provided a checklist of actions to take immediately.

To reduce the likelihood of destructive cyber intrusions, CISA recommends that business leaders immediately:

  1. Institute multi-factor authentication
  2. Ensure that software is up to date
  3. Disable all ports and protocols that are not essential for business purposes
  4. Review and implement strong controls for cloud services
  5. Conduct vulnerability scanning

CISA also advises that organizations take the following steps to detect potential intrusions:

  1. Identify and assess unusual network behavior. Enable logging to investigate issues better.
  2. Protect networks with antivirus and antimalware software, and ensure that these tools are up to date.
  3. Closely monitor traffic and review access controls if dealing with Ukrainian organizations.

Additional recommendations can be found at CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.

If your organization requires assistance with implementing these and other cybersecurity initiatives, reach out to our security experts.