“As markets, market participants, and their vendors have increasingly relied on technology, including digital connections and systems, cybersecurity risk management has become essential,” the report adds.
“Indeed, in an environment in which cyber threat actors are becoming more aggressive and sophisticated — and in some cases are backed by substantial resources including from nation state actors — firms participating in the securities markets, market infrastructure providers and vendors should all appropriately monitor, assess and manage their cybersecurity risk profiles, including their operational resiliency.”
In the area of mobile security, for instance, “mobile devices and applications may create additional and unique vulnerabilities,” the report notes.
OCIE has observed the following mobile security measures at organizations utilizing mobile applications:
- Policies and procedures. Establishing policies and procedures for the use of mobile devices.
- Managing the use of mobile devices. Using a mobile device management (MDM) application or similar technology for an organization’s business, including email communication, calendar, data storage and other activities. If using a “bring your own device” policy, ensuring that the MDM solution works with all mobile phone/device operating systems.
- Implementing security measures. Requiring the use of multi-factor authentication for all internal and external users. Taking steps to prevent printing, copying, pasting or saving information to personally owned computers, smartphones or tablets. Ensuring the ability to remotely clear data and content from a device that belongs to a former employee or from a lost device.
- Training employees. Training employees on mobile device policies and effective practices to protect mobile devices.
— Check out FINRA, SEC Warn of Ongoing Cyber Threats on ThinkAdvisor.