Tuesday, November 22, 2016

Tripwire Study: Retailers Overconfident in Endpoint Cyber Security Despite Point-of-Sale Threats

Are your IT professionals overconfident about your company’s cybersecurity?

We’ve all heard the phrase “you don’t know what you don’t know” used either as a cautionary tale or in a “let the chips fall where they may” sigh of resignation. While this type of thinking may encourage your team to dig in and actually seek out what they don’t know, it is far too often the hallmark of a team resigned to the status quo. This type of thinking from your IT department can be deadly to your company.

On the other hand, overconfidence on the part of your IT department, while perhaps soothing in a boardroom, can also sound the death knell for your company. When you query your IT department on potential threats and planned mitigation, how do you know that you are getting realistic data, as opposed to overly optimistic bravado? How much will it cost your company if they are wrong?

Overconfident IT Professionals

Acutely aware of this issue, Dimensional Research recently undertook a

Read more . . .

Friday, June 26, 2015

Industry Warnings About Attacks on Securities Firms' Websites

Distributed Denial of Service (DDoS) Attacks on Financial Services Firms

Cybersecurity continues to be a concern for broker-dealers and investment advisers and a focus of FINRA and the SEC. FINRA issued a Report on Cybersecurity Practices in February 2015, and the SEC’s Division of Investment Management released Cybersecurity Guidance in April, to highlight effective practices that firms should consider to strengthen their cybersecurity programs.

Within the past two weeks, several firms have informed FINRA that they have been subject to DDoS attacks originated by a cyber-criminal group known as DD4BC. A successful DDoS attack renders a website or network unavailable for its intended users by overwhelming the site with incoming messages. It appears that DD4BC has been targeting financial services/broker-dealer firms that have an online presence.

In these incidents, DD4BC first sends the firm an email announcing that the firm will be a target for a DDoS attack, but that the firm can avoid the attack by paying a ransom in Bitcoin. DD4BC conducts a short “demonstration” attack, typically lasting about one hour, with the threat of further attacks if the ransom is not paid. DD4BC requests payment within 24 hours to prevent further attacks.

If you receive a communication from DD4BC or experience a similar attack, you should contact your local FBI and SEC offices and, for broker-dealers, FINRA. In addition, ensure you have plans in place to address this type of incident. Elements of a DDoS response plan may include:

• The use of DDoS mitigation and monitoring tools (firms should consider contacting their Internet service provider (ISP) to put service-provider-side traffic filters in place); and
• Preparation of contingency communications plans for customers if a firm’s website is unavailable.

This post quotes liberally from FINRA’s June 19 Information Notice.

The law firm of Lehman & Eilen LLP has advised numerous clients on securities regulatory matters for more than 20 years, and its senior lawyers each have more than 30 years of experience. Our attorneys are uniquely qualified to advise broker-dealers and investment advisers on compliance issues, and we provide zealous and effective representation to clients facing regulatory investigations and enforcement actions. Contact us today at (516) 222-0888 to learn how our knowledge can be put to work for you.

© 2021 Lehman & Eilen LLP | Attorney Advertising
50 Charles Lindbergh Blvd, Suite 505, Uniondale, NY 11553 | Phone: (516) 222-0888
