Newsroom
April 17, 2014
SEC plan targets cybersecurity for firms
April 18, 2014 – The Securities and Exchange Commission has joined the growing list of agencies and coalitions alerting financial institutions about cyber risks to their systems and data.
Reuters reported that the commission has unveiled an outline detailing how its examiners will ensure non-depository financial firms are prepared for various cyber attacks. The plan addresses the types of information SEC examiners might request from brokerages and asset managers during inspections, including "a comprehensive list of when they detected malware, suffered a ‘denial of service’ attack or discovered a network breach since January 2013."
It was also noted in the outline that the SEC plans to examine more than 50 firms on cyber security issues. (SEC has meanwhile been flagged in a new Government Accountability Office report for weakness in its own systems.)
Last week, the Federal Financial Institutions Examination Council issued an alert to credit unions and banks about the "Heartbleed" vulnerability for OpenSSL servers. FDIC, also last week, issued a list of online resources about cyber risks and encouraged financial institutions to use them.
The Justice Department and Federal Trade Commission also circulated a policy to the Financial Services Sector Coordinating Council – NAFCU is a founding member – that encourages private entities not to let concerns about antitrust issues stop them from the prudential sharing of cybersecurity data with other parties.
Credit unions are subject to rigorous federal rules on the mitigation of cyber risks and protection of members' data. NAFCU continues to press for legislation that would require merchants to adopt data security standards similar to those required of financial institutions under the Gramm-Leach-Bliley Act.