Overview
This publication outlines emerging insider threat risks and helps member firms identify, prevent, detect, and respond to these threats, including:
Given the evolving nature, increasing frequency, and mounting sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for firms and FINRA.
FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training. Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.
These pages are designed to assist a firm in building out its cybersecurity program by addressing the individual risks and discussing related controls needed to protect customer and firm confidential data. FINRA has updated this Cybersecurity page to include the following resources:
Firms should get to know their local Federal Bureau of Investigation (FBI) field office and plan proactively for a cybersecurity attack or breach.
If your firm is the victim of a disruptive attack or breach, for instance if your data has been accessed or your customers cannot do business, you should immediately report the incident to your:
If you need ransomware assistance, one helpful resource is CISA’s Stop Ransomware!
Both successful and unsuccessful cyber-related incidents may require that a Suspicious Activity Report (SAR) be filed; for more information, see the Financial Crimes Enforcement Network (FinCEN) guidance.
This section highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.
May 16-18 | Washington, DC | Hybrid Event
FINRA's premier event—the Annual Conference provides the opportunity for practitioners, peers and regulators to exchange ideas on today's most timely compliance and regulatory topics.
March 30
This one-day conference brings together regulators, thought leaders and industry practitioners to discuss the use of Cloud Computing, and related opportunities and challenges.
March 29
FINRA’s Cybersecurity Conference helps you stay current on today’s cybersecurity challenges and the ways in which organizations can understand vulnerabilities and threats, and create resilience against cyber attacks.
It is crucial that small financial firms take proper cybersecurity measures to protect their clients and their firm. Join FINRA staff and industry panelists as they discuss the “why” behind threat-informed effective practices applicable to small firms, and how small firms can fit cybersecurity into their already overloaded schedules.
Moderator: David (Dave) Kelley, FINRA Member Supervision
Panelists: Peter Falco, Financial Services Information Sharing and Analysis Center (FS-ISAC); Jennifer Szaro, CRCP®, XML Securities, LLC
June 23, 2021
Join FINRA cybersecurity leaders as they discuss the current state of cybersecurity and the ever-changing threat landscape. The conversation will focus on three facets of FINRA’s cybersecurity initiatives: how FINRA secures its own systems, unique security features of the Consolidated Audit Trail (CAT) system, and how FINRA supports member firms’ cybersecurity programs.
Small Firm Cybersecurity Checklist
FINRA has created a Checklist for a Small Firm's Cybersecurity Program to assist small firms in establishing a cybersecurity program.
Compliance Vendor Directory (CVD)
In an effort to provide enhanced compliance tools and resources, FINRA has developed the Compliance Vendor Directory (CVD). The FINRA CVD is designed to give firms more options in locating vendors that provide compliance-related offerings, including cybersecurity vendors and services.
Core Cybersecurity Threats and Effective Controls for Small Firms
This tool helps small firms enhance their customer information protection, and cybersecurity written supervisory programs and related controls by (1) highlighting the most common and recent categories of cybersecurity threats; (2) providing a summary of effective core controls; and (3) listing relevant terms and additional resources.
Report on Selected Cybersecurity Practices
The Report on Selected Cybersecurity Practices – 2018 is a detailed review of effective information-security controls at securities firms. The report is designed to help broker-dealers – including small firms – further develop their cybersecurity programs. The report addresses areas that firms tend to find most challenging: cybersecurity controls in branch offices; methods of limiting phishing attacks; identifying and mitigating insider threats; elements of a strong penetration-testing program; and establishing and maintaining controls on mobile devices.
Report on Cybersecurity Practices
In 2011 and 2014, FINRA reviewed firms' cybersecurity practices to better understand the types of cybersecurity threats firms face and how they counter them. This report highlights effective practices in the industry and discusses a risk management-based approach to cybersecurity.
Non-FINRA Resources
FINRA has assembled a list of industry and governmental cybersecurity resources that firms may use to manage their cybersecurity risk.
Impact: All Firms
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain names “@finrarps.org” or “@finrarps.net”. The domains of “finrarps.org” and “finrarps.net” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
The email from “finrarps.org” states:
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@finra.eu” or “@finrarec.com”. Samples of both emails are provided in Appendices 1 and 2.
The domains of “finra.eu” and “finrarec.com” are not connected to FINRA, and member firms or their customers may receive similar phishing emails from other domain names in addition to those identified in this Alert.
This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@filling-regfinra.com”. The domain of “filling-regfinra.com” is not connected to FINRA, and firms should delete all emails originating from this domain. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
The email states:
Dear Name,
I hope all is well!
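The three alerts above share one triage rule: mail whose From: domain is one of the named lookalike domains should be dropped, and mail from other FINRA-themed domains or display names should be treated as suspect until proven otherwise. The following is an added example implementing that rule, not FINRA's own tooling. The blocklist reproduces only the domains the alerts name; the assumptions are that finra.org is FINRA's sole legitimate sending domain and that the sample messages, constructed here for the demonstration, stand in for a real mailbox.

```python
"""Sender-domain triage for the FINRA-impersonation phishing described above.

Added example, not FINRA's code. The blocklist reproduces the domains the
alerts name; finra.org as FINRA's only legitimate sending domain is an
assumption, as are the sample messages, which are constructed for the demo.
"""
import email
import email.utils
from email.policy import default

# Domains the alerts above state are not connected to FINRA.
KNOWN_BAD_DOMAINS = frozenset({
    "finrarps.org",
    "finrarps.net",
    "finra.eu",
    "finrarec.com",
    "filling-regfinra.com",
})

# Assumption: FINRA mail comes only from finra.org and its subdomains.
LEGITIMATE_DOMAINS = frozenset({"finra.org"})


def sender_domain(from_header: str) -> str:
    """Lowercase ASCII domain of the From: address, or '' if there is none."""
    _, addr = email.utils.parseaddr(str(from_header))
    if "@" not in addr:
        return ""
    domain = addr.rsplit("@", 1)[1].strip().rstrip(".").lower()
    try:
        # Internationalised domains are compared in their punycode form so a
        # homoglyph label cannot string-match an ASCII domain by accident.
        domain = domain.encode("idna").decode("ascii")
    except UnicodeError:
        pass
    return domain


def _under(domain: str, parent: str) -> bool:
    """True if domain equals parent or is a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def classify_sender(from_header: str) -> str:
    """Classify a From: header value.

    'block'     -> domain named in the alerts (or a subdomain of one)
    'finra'     -> finra.org; still only trustworthy if SPF/DKIM/DMARC pass
    'suspect'   -> malformed From:, or 'finra' in the domain or display name
                   without being finra.org (the "other domain names" the
                   alerts warn about)
    'unrelated' -> not FINRA-themed; outside the scope of this rule
    """
    display_name, _ = email.utils.parseaddr(str(from_header))
    domain = sender_domain(from_header)
    if not domain:
        return "suspect"
    if any(_under(domain, bad) for bad in KNOWN_BAD_DOMAINS):
        return "block"
    if any(_under(domain, good) for good in LEGITIMATE_DOMAINS):
        return "finra"
    if "finra" in domain or "finra" in display_name.lower():
        return "suspect"
    return "unrelated"


def triage_mailbox(raw_messages: list[str]) -> dict[str, str]:
    """Map each message's Subject to the verdict for its From: header."""
    verdicts = {}
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=default)
        verdicts[str(msg["Subject"])] = classify_sender(msg["From"] or "")
    return verdicts


# Constructed sample messages (headers only; not the alerts' real samples).
SAMPLE_MESSAGES = [
    "From: FINRA Regulatory <notices@finrarps.org>\nSubject: Action required\n\nbody\n",
    "From: FINRA <compliance@mail.finra.eu>\nSubject: Document request\n\nbody\n",
    "From: FINRA Gateway <support@mailer.example>\nSubject: Password reset\n\nbody\n",
    "From: Member Relations <memberrelations@finra.org>\nSubject: Conference\n\nbody\n",
    "From: Vendor Sales <sales@vendor.example>\nSubject: Quote\n\nbody\n",
]

if __name__ == "__main__":
    for subject, verdict in triage_mailbox(SAMPLE_MESSAGES).items():
        print(f"{verdict:9s} {subject}")
```

Two caveats a practitioner would add. First, the From: header is attacker-controlled, so a 'finra' verdict only means the domain string matched; the decision to trust the message belongs to SPF, DKIM and DMARC evaluation at the gateway. Second, the 'suspect' heuristic catches domains and display names that spell out "finra", which is what the alerts describe; a homoglyph domain with a neutral display name would need a confusables check in addition to the punycode normalisation shown here.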
FINRA’s National Cause and Financial Crimes Detection (NCFC) Cyber and Analytics Unit (CAU) has noted a recent alert issued by Microsoft on May 30, 2022.
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program is highlighting a statement released today by President Biden regarding possible threats to our nation’s cyber security, urging private sector companies to remain vigilant and harden their cyber defenses "immediately" based on "evolving intelligence that the Russian Government is exploring options for potential cyberattacks." The President
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to bring an important cyber-related development to your attention. The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a “Shields Up” warning this week regarding potential Russian cyberattacks to target U.S. organizations related to Russia’s potential destabilizing actions against Ukraine. CISA advised that while there are not currently any specific credible threats to the U.S., they recommend that all organizations, namely U.S.
Cloud computing is transforming how broker-dealers operate by providing opportunities to enhance agility, efficiency, resiliency and security within firms’ technology and business operations while potentially reducing costs. As a result, cloud computing is increasingly seen by many firms as an important architectural component to their infrastructure.
Protecting investors means protecting their data, too. Our Small Firm Cybersecurity Checklist supports small firms in establishing a cybersecurity program to:
This article highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.
This report continues FINRA’s efforts to share information that can help broker-dealer firms further develop their cybersecurity programs. Firms routinely identify cybersecurity as one of their primary operational risks. Similarly, FINRA continues to see problematic cybersecurity practices in its examination and risk monitoring program. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity.
Overview – The following tool identifies key cybersecurity risks currently facing small firms and helps them enhance their customer information protection, and cybersecurity written supervisory programs (WSPs) and related controls, including: