On January 28, 2020, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a detailed set of observations culled from thousands of examinations of registered investment advisers, broker-dealers, clearing agencies, national exchanges, and other SEC registrants (“Observations”). These Observations represent the most detailed compilation of strategies and tools that OCIE has observed to promote […]
Cybersecurity
NIST Publishes Privacy Framework Version 1.0
On January 16, 2020, the National Institute of Standards and Technology (“NIST”) published Version 1.0 of its Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“Privacy Framework”). A draft version was initially published for public comment on September 6, 2019. The new Privacy Framework is designed to support organizations in building customer’s […]
FTC Consumer Protection Bureau Director Highlights Efforts to Strengthen Data Security Orders
On January 6, 2020, the Federal Trade Commission’s (FTC) Bureau of Consumer Protection Director Andrew Smith published a blog post summarizing the agency’s “New and improved FTC data security orders,” as part of its efforts to provide “better guidance for companies” and “better protection for consumers.” Smith noted that strengthening the FTC’s orders in data […]
Warning: Iranian Cyber Response Possible Against Private Industry
After Friday’s announcement of the killing of Major General Qassem Soleimani, a leader of Iran’s Quds Force, several regulators have put industry on high alert of the increased potential for cyber-attack. Iran has a known history of launching cyber-attacks against US industry, and regulators warn industry to prepare for a possible rise in cyber-attacks. The […]
Treasury Announces Sanctions Against Cybercriminal Group Behind ‘Dridex’ Malware, Offering Mitigation Strategies for Businesses
On December 5, 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against Evil Corp, a Russian cybercriminal organization that is known for distributing the Dridex malware. Dridex is a banking trojan that has been used to target financial institutions across the globe and has resulted in more than $100 million […]