As a broker-dealer firm executive, you know that one of FINRA’s key mandates is to help prevent cyberattacks against its regulated firms. The Financial Industry Regulatory Authority, or FINRA, is, of course, a not-for-profit regulatory organization authorized by Congress to protect investors and ensure market integrity in the United States. This post will explore some of the most common cybersecurity threats faced by FINRA firms.
What are the Most Common Cybersecurity Threats for Broker-Dealer Firms?
Now more than ever, broker-dealer firms rely on their technology infrastructure, and the cyber landscape regularly presents security challenges that require robust preparedness from brokerages and other financial services firms.
1. Imposter Websites
According to FINRA, member firms routinely report phony websites posing as FINRA members and using registered names and company data to establish fraudulent sites that market investment services and products. These sites attempt to steal both personal information and money by leading visitors to believe they are interacting with a bona fide business.
2. Customer And Firm Employee Account Takeovers (ATOs)
Email account takeovers can occur with both customer and firm personnel accounts and begin with a compromised email account. Cybercriminals can gain unauthorized access to email accounts through data breaches, phishing emails, or websites that trick users into clicking on malicious links, allowing them to execute unauthorized transactions in financial accounts, firm systems, bank accounts, and credit cards.
One of the dangers of an ATO for an employee account is criminals creating fake identities to establish accounts for automated clearing house (ACH) or wire fraud.
3. Malware and Ransomware
Malware is malicious software and can take many forms, including viruses, spyware, and ransomware. These malevolent programs can steal data, encrypt it, delete it, and even hold it for ransom by infiltrating and taking over computing operations. Phishing is one of the most common ways that malware is introduced. Ransomware is a type of malware that, when launched, can encrypt data and prevent access to networks until a ransom is paid to the attacker.
4. Data Breaches
A data breach is a security incident in which hackers gain unauthorized access to confidential data like financial records or personally identifiable information (PII). Data breaches can lead to financial losses, reputational damage, lawsuits, and fines and penalties.
What Can FINRA Firms do to Prepare?
Earlier this year, FINRA, along with the SEC, Homeland Security, and other agencies, alerted members to the increased likelihood of cyber attacks as part of the invasion of Ukraine with a Shields Up warning.
In a recent op-ed written by Jen Easterly, the director of CISA, and Chris Inglis, the national cyber director, the pair consider when the Shields Up warning might be lifted:
“When will we be able to put our shields down? In today’s complex, dynamic, and dangerous cyberthreat environment, the answer is that our shields will likely be up for the foreseeable future.”
For broker-dealer firms, this means continuing to follow the guidance provided by FINRA as well as cybersecurity professionals with experience within the financial services sector. There are cybersecurity controls that can mitigate the risk of cyber attacks.
Additionally, our Cybersecurity Threats and Effective Controls for FINRA Firms infographic provides a quick overview of the threats faced by FINRA firms, as well as the controls to implement to reduce the risks from those threats.
Combining Cybersecurity Controls and Expertise
Balancing business initiatives with security and technology can seem challenging, particularly for broker-dealer firms without an internal team of cybersecurity experts, but Coretelligent can help. We offer our expertise and robust cybersecurity solutions to solve the challenges of the highly regulated financial services industry. In addition, we have years of experience working with broker-dealer firms and other firms like hedge funds, venture capital, and family offices. As a result, we understand the pain points these firms face in the digital world and have the solutions—from compliance and cybersecurity to growth and business transformation—to solve them.