IT Security & Privacy

FINRA Places Cybersecurity Front and Center in Its 2024 Regulatory Oversight Report

FINRA’s 2024 regulatory oversight report has emerged, providing new guidance and insight regarding the emerging risk landscape, including such topics as financial crime, operational and communications risks, market integrity concerns, and financial custodianship. The report seeks to provide guidance on these themes, offering observations, recommendations, and associated obligations across each topic. The frontrunner among these categories is cybersecurity, which FINRA asserts is critical to success in all other areas of compliance, risk management, and long-term organizational health.

FTC Halts Sale of Sensitive Location Data: X-Mode Social and Outlogic Prohibited from Unauthorized Practices

The Federal Trade Commission (FTC) has issued an order prohibiting data broker X-Mode Social and its successor, Outlogic, from selling sensitive location data. The decision comes in response to allegations that the companies sold precise location data that could potentially be exploited to track individuals’ visits to sensitive locations such as medical and reproductive health clinics, religious worship places, and domestic abuse shelters.

Recap of the Worst Cyber Attacks and Breaches in 2023

As we bid farewell to 2023, it's essential to reflect on the year's cybersecurity landscape, marked by a series of impactful breaches, leaks, and cyber threats. While the world grappled with political turmoil, the digital realm witnessed a Groundhog Day of incidents rather than groundbreaking offensive hacking innovations. Here's a recap of some of the worst cyber attacks and breaches that defined the year:

Corewell Health Faces Second Data Breach, Exposing 1 Million Michigan Residents' Information

Corewell Health has found itself at the center of another data breach, further highlighting the persistent threat that malicious actors pose to health systems. The latest incident involves HealthEC, a vendor of Corewell Health, with a mission to "identify high-risk patients, close gaps in care, and recognize barriers to optimal care."

Regulators Unveil Cyber Resilience Best Practices for Financial Firms

In a concerted effort to bolster cyber resilience in the financial sector, the UK's Financial Conduct Authority (FCA), Bank of England, and Prudential Regulation Authority (PRA) have released a comprehensive set of guidelines highlighting good practices for firms to adopt. The initiative underscores the regulators' commitment to enhancing operational resilience and fortifying the financial system against cyber threats.

SEC's New Cybersecurity Incident Disclosure Rules Take Effect: Compliance and IT Security Implications

Today marks a pivotal moment in the realm of financial regulatory compliance as the U.S. Securities and Exchange Commission's (SEC) new cybersecurity incident disclosure rules, specifically Form 8-K, come into effect. This initiative, aimed at bolstering transparency and fortifying the response to cybersecurity incidents, applies to all filers except smaller reporting companies. The rules mandate reporting to the SEC within four business days from the determination of materiality.

FBI Offers Guidance on SEC Reporting Requirements for Cyber Incidents

In anticipation of the Securities and Exchange Commission's (SEC) upcoming requirements for companies to disclose material cybersecurity incidents, the Federal Bureau of Investigation (FBI), in collaboration with the Department of Justice, is providing crucial guidance for victims of cyber incidents. With the SEC's new rules set to take effect on December 18, 2023, the FBI aims to assist companies in navigating these reporting requirements, particularly in scenarios involving national security or public safety concerns.