Skip to main content

Cybersecurity

Given the evolving nature, increasing frequency, and mounting sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for firms and FINRA. 

FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training.  Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.

These pages are designed to assist a firm in building out its cybersecurity program by addressing the individual risks and discussing related controls needed to protect customer and firm confidential data.  FINRA has updated this Cybersecurity page to include the following resources:

  • In case of a Disruptive Attack or Breach
  • Common Cybersecurity Threats
  • Events
  • Reports
  • Compliance Tools
  • FINRA Cybersecurity Contact

In Case of a Disruptive Attack or Breach

Firms should get to know their local Federal Bureau of Investigation (FBI) and proactively plan for a cybersecurity attack or breach.

In case your firm is the victim of a disruptive attack or breach, for instance your data has been accessed or your customers cannot do business, you should immediately report the incident to your:

If you need RANSOMWARE assistance, one helpful resource is CISA’s Stop Ransomware!

Unsuccessful and successful cyber-related incidents could require that a SAR be filed, for more information visit The Financial Crimes Enforcement Network (FinCEN)’s guidance.


Common Cybersecurity Threats

This section highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.

  • Phishing
  • Imposter Websites
  • Malware
  • Customer Account Takeover (ATO)
  • Firm Account Compromise or Takeover
  • Fraudulent Wires or ACH Transactions
  • Ransomware
  • Distributed Denial-of-Service (“DDoS”) Attacks
  • Vendor Breaches

Past Events

2024 Cybersecurity Conference
February 6 | New York, NY | Hybrid Event
FINRA’s Cybersecurity Conference is a one-day, hybrid event that is designed to help you stay current on today’s cybersecurity challenges, understand vulnerabilities and latest threats and create resilience against cyber-attacks.

2022 FINRA Annual Conference
May 16-18 | Washington, DC | Hybrid Event
FINRA's premier event—the Annual Conference provides the opportunity for practitioners, peers and regulators to exchange ideas on today's most timely compliance and regulatory topics.

2022 Cloud Computing Conference
March 30
This one-day conference brings together regulators, thought leaders and industry practitioners to discuss the use of Cloud Computing, and related opportunities and challenges.

2022 Cybersecurity Conference
March 29
FINRA’s Cybersecurity Conference helps you stay current on today’s cybersecurity challenges and the ways in which organizations can understand vulnerabilities and threats, and create resilience against cyber attacks.

Compliance Tools

Small Firm Cybersecurity Checklist
FINRA has created a Checklist for a Small Firm's Cybersecurity Program to assist small firms in establishing a cybersecurity program.

Core Cybersecurity Threats and Effective Controls for Small Firms
This tool helps small firms enhance their customer information protection, and cybersecurity written supervisory programs and related controls by (1) highlighting the most common and recent categories of cybersecurity threats; (2) providing a summary of effective core controls; and (3) listing relevant terms and additional resources.

Report on Selected Cybersecurity Practices
The Report on Selected Cybersecurity Practices – 2018 is a detailed review of effective information-security controls at securities firms. The report is designed to help broker-dealers – including small firms – further develop their cybersecurity programs. The report addresses areas that firms tend to find most challenging: cybersecurity controls in branch offices; methods of limiting phishing attacks; identifying and mitigating insider threats; elements of a strong penetration-testing program; and establishing and maintaining controls on mobile devices.

Report on Cybersecurity Practices
In 2014 and 2011, FINRA reviewed firms' cybersecurity practices to better understand the types of cybersecurity threats firms face and how they counter these threats. This report highlights effective practices in the industry and discusses a risk management-based approach to cybersecurity.

Non-FINRA Resources
FINRA has assembled a list of industry and governmental cybersecurity resources that firms may use to manage their cybersecurity risk.

  • Guidance
    Companies that use Fortinet’s FortiManager product could be exposed to a remote, unauthenticated attacker executing arbitrary code or commands due to a critical product vulnerability (CVE-2024-47575), according to two recent alerts from the Cybersecurity & Infrastructure Security Agency (CISA).
    October 31, 2024
  • Report / Study
    The term “metaverse” has attracted significant attention and curiosity in recent years from the media, entertainment and technology sectors. Though the term has no concrete definition, and interpretations may differ, the metaverse is generally viewed as the next evolution of today’s internet.
    October 24, 2024
  • Guidance
    On Oct. 16, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) released Cybersecurity Advisory - AA24-290A, which provides threat actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Iranian cyber actors. In light of the historical proclivity of Iranian threat actors targeting the financial services industry, FINRA is sharing this information with member firms.
    October 16, 2024
  • Guidance
    This notification warns member firms of an ongoing phishing campaign that began on or around Oct. 9 that involves fraudulent emails purporting to be from FINRA executives, in some instances containing a PDF attachment. These emails are not from FINRA, and firms should delete them and consider blocking their domains.
    October 09, 2024
  • Guidance
    The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program highlights recent cybersecurity risks at third-party providers (commonly referred to as third-party vendors) impacting member firms.
    September 09, 2024
  • Guidance
    The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program highlights recent reports of a CrowdStrike service outage affecting Microsoft operating systems. FINRA continues to monitor the outage.
    July 19, 2024
  • Guidance
    On June 25, 2024, Progress Software released the MOVEit Transfer Critical Security Alert Bulletin (the Alert Bulletin) for CVE-2024-5806, a newly identified Critical Vulnerability, which was described as an Improper Authentication vulnerability in MOVEit Transfer, Secure File Transfer Protocol (SFTP) module and could lead to Authentication Bypass.
    June 27, 2024
  • Guidance
    ONNX Store, a Phishing-as-a-service platform (PhaaS), is targeting Microsoft 365 (M365) accounts at FINRA member firms with an advanced social engineering attack known as quishing: a business email compromise (BEC) attack that uses QR codes in embedded PDF documents to redirect victims to phishing URLs.
    June 21, 2024
  • Guidance
    The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting recent updates to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, which is a resource designed to help organizations manage and reduce cybersecurity risks, regardless of their degree of cybersecurity sophistication.
    June 13, 2024
  • Guidance
    The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting the SEC’s recent amendments to Regulation S-P.[1] On May 15, 2024, the SEC announced the adoption of amendments designed to modernize and enhance the protection of consumer financial information by broadening the scope of information covered by Regulation S-P’s requirements and requiring covered institutions to (1) adopt an incident response program and (2) notify affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization.
    June 06, 2024
  • Guidance
    This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the e-mail addresses “[email protected]” and “[email protected]”. The e-mail addresses and domain “data-finra.org” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
    April 04, 2024
  • Guidance
    As we approach the end of the first quarter of 2024, FINRA’s Cyber and Analytics Unit (CAU) proactively warns member firms of continuing social engineering campaigns involving fraudulent representations of individuals purporting to be FINRA representatives. As with many types of social engineering campaigns, threat actors may use website domain names (sites) that are similar to FINRA.org (e.g., Finra-latam.org, finra.world, finra.eu), fraudulently use FINRA’s logo or purport to be legitimate FINRA employees. These domains and individuals are not associated with FINRA.
    March 01, 2024
  • Guidance
    LockBit, one of the most deployed ransomware variants in recent years, continues to impact organizations across the globe, including FINRA member firms. Since November of 2023, FINRA has received reports from several member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents varied in severity from no impact to significant disruptions in firms’ business operations. As a result, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is notifying firms of the increased activity of this threat actor to heighten awareness and visibility of this risk. CAU is also providing a compilation of resources that outline effective practices firms may consider in response to this elevated risk.
    January 25, 2024
  • Guidance
    The Cybersecurity and Technology Management topic of the 2024 FINRA Annual Regulatory Oversight Report (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) regulatory obligations and related considerations, (2) findings and effective practices, and (3) additional resources.
    January 09, 2024
  • Guidance
    With the holiday season upon us and 2023 coming to an end, FINRA’s Cyber and Analytics Unit (CAU) would like to remind member firms to prepare for cyber threats and attacks that may occur around the holidays. Member firms and their vendors should consider reviewing and validating their Written Supervisory Procedures (WSPs), continuing to educate their employees with respect to cybersecurity and effective practices, and testing incident response plans (IRPs) to prepare for, prevent, or recover from an incident.
    December 12, 2023
  • Guidance
    FINRA’s Cyber and Analytics Unit (CAU) is highlighting an Okta data breach spanning from September 28 to October 17, 2023 that impacts Okta customer support system users.  Okta reported that threat actors downloaded names and email addresses, along with other relevant metadata, of their customer support system users. The information could be leveraged in phishing or other social engineering attacks and potentially lead to the targeting of firm personnel in an Okta administrator or customer support role.
    December 11, 2023
  • Guidance
    The prevalence of cybersecurity incidents continues to increase at FINRA member firms. As a result of the continued proliferation of cybercrime, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is issuing this advisory to highlight effective practices and considerations for member firms when responding to cyber incidents, including the benefits of voluntarily reporting information related to the incident to various entities.
    November 30, 2023
  • Guidance
    Due to increased reports related to cyber incidents occurring at FINRA member firms which have been attributed to specific threat actors, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on November 16, 2023, which may be updated as new intelligence is uncovered.
    November 17, 2023
  • Guidance
    FINRA is highlighting recently reported vulnerabilities that impact Citrix NetScaler services including NetScaler ADC and NetScaler Gateway. Threat actors can exploit these vulnerabilities to exfiltrate sensitive information and to infect data and systems with ransomware. These Citrix services are typically used in support of internet-based application systems, to balance and manage incoming requests, and to enhance security and resiliency.
    November 10, 2023
  • Report / Study
    /**/

    Quantum mechanics is a branch of physics that deals with the complex properties of atoms and sub-atomic particles.2 Quantum computing leverages the principles of quantum mechanics to solve problems too large or complex for traditional computers.

    October 30, 2023
  • Guidance
    This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@rfs-finra.org”.
    October 13, 2023
  • Guidance
    The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting the new SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure that were adopted on July 26, 2023. The SEC adopted final rules requiring disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy and governance in annual reports.
    September 21, 2023
  • Guidance
    FINRA is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on August 30, 2023, which may be updated as new intelligence is uncovered.
    August 31, 2023
  • Guidance
    FINRA is highlighting a recent Federal Bureau of Investigation (FBI) Flash published on August 23, 2023. According to the FBI Flash, all exploited Barracuda Email Security Gateway (ESG) appliances, even those with up-to-date security patches, remain at risk for continued computer network compromise from threat actors exploiting a zero-day vulnerability documented in CVE-2023-2868. 
    August 28, 2023
  • Guidance

    Impact: All Firms

    Update (June 22, 2023): The link to the Advisory issued by CISA on June 7, 2023 has been updated to reflect CISA’s current guidance.

    Firms should review this information with any vendors who provide information technology services to the firm.

    June 16, 2023
  • Guidance

    Impact: All Firms

    Firms without dedicated information security professionals may wish to review this information with any vendors who provide those services to the firm.

    June 15, 2023
  • Guidance

    Overview

    This publication outlines emerging insider threat risks and helps member firms identify, prevent, detect, and respond to these threats, including:

    April 18, 2023
  • Guidance

    Impact: All Firms

    This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain names “@finrarps.org” or “@finrarps.net”. The domains of “finrarps.org” and “finrarps.net” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.

    The email from “finrarps.org” states:

    April 04, 2023
  • Guidance
    This follow-up to the September 2021 targeted exam (sweep) of firms’ practices related to their acquisition of customers through social media channels and their sharing of customers’ usage information with affiliates and non-affiliated third parties summarizes selected practices FINRA has observed firms implement to this point in the sweep.
    February 28, 2023
  • Guidance

    This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@finra.eu” and “@finrarec.com”. Samples of both emails are provided in Appendices 1 and 2.

    The domains of “finra.eu” and “finrarec.com” are not connected to FINRA, and member firms or their customers may receive similar phishing emails from other domain names in addition to those identified in this Alert.

    February 23, 2023
  • Guidance

    This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@filling-regfinra.com”. The domain of “filling-regfinra.com” is not connected to FINRA, and firms should delete all emails originating from this domain. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.

    The email states:

    Dear Name,

    I hope all is well!

    November 15, 2022
  • Media Center
    The new Complex Investigations and Intelligence (CII) team and Cyber and Analytics Unit (CAU) are driving a shift in terms of how Member Supervision’s National Cause and Financial Crimes Detection Program comes at its work and leverages intelligence and analytics to drive decision making and operations. On this episode, we hear how these changes will help FINRA better deliver on its mission of investor protection, market integrity.
    August 09, 2022
  • Guidance
    This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@firms-finra.org” or “@firms-sipc.org”.  Neither of these domains is connected to FINRA and firms should delete all emails originating from these domain names.
    June 16, 2022
  • Guidance

    FINRA’s National Cause and Financial Crimes Detection (NCFC) Cyber and Analytics Unit (CAU) has noted a recent alert issued by Microsoft on May 30, 2022.

    June 03, 2022
  • Guidance
    The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to highlight an alert issued by the Cybersecurity & Infrastructure Security Agency (CISA) on April 20, 2022.
    May 02, 2022
  • Guidance
    On April 25, FINRA issued an alert to member firms which highlighted a phishing attack using the domain name “@claims-finra.org”. This alert is to warn you about a new, potentially related, phishing attack also purporting to be from FINRA.
    April 27, 2022
  • Guidance
    This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@claims-finra.org.” The domain of “claims-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name.
    April 25, 2022
  • Technical Notice
    FINRA is aware of the critical Spring4Shell vulnerability and has taken immediate steps to neutralize the risk.
    April 04, 2022
  • Guidance

    The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program is highlighting a statement released today by President Biden regarding possible threats to our nation’s cyber security, urging private sector companies to remain vigilant and harden their cyber defenses "immediately" based on "evolving intelligence that the Russian Government is exploring options for potential cyberattacks." The President

    March 21, 2022
  • Guidance

    The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to bring an important cyber-related development to your attention.  The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a “Shields Up” warning this week regarding potential Russian cyberattacks to target U.S. organizations related to Russia’s potential destabilizing actions against Ukraine. CISA advised that while there are not currently any specific credible threats to the U.S., they recommend  that all organizations, namely U.S.

    February 15, 2022
  • Report / Study

    Cloud computing is transforming how broker-dealers operate by providing opportunities to enhance agility, efficiency, resiliency and security within firms’ technology and business operations while potentially reducing costs. As a result, cloud computing is increasingly seen by many firms as an important architectural component to their infrastructure.

    August 16, 2021
  • Compliance Tools

    Protecting investors means protecting their data, too. Our Small Firm Cybersecurity Checklist supports small firms in establishing a cybersecurity program to:

    July 12, 2021
  • Podcast
    Firm regulatory risks and priorities don't exist in a vacuum. And that is perhaps nowhere clearer than when it comes to a firm's anti-money laundering responsibilities. A firm's AML risks can overlap with any number of other priorities. On this episode, the first of a two-part series, we look at the overlapping risks of AML and cybersecurity.
    October 27, 2020
  • Virtual Conference Panel
    Join FINRA staff and industry panelists as they provide examples of effective controls and tools their firms have put into place to monitor and address cybersecurity risks.
    May 19, 2020
  • Guidance

    This article highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.

    July 09, 2019
  • Report / Study

    This report continues FINRA’s efforts to share information that can help brokerdealer firms further develop their cybersecurity programs. Firms routinely identify cybersecurity as one of their primary operational risks. Similarly, FINRA continues to see problematic cybersecurity practices in its examination and risk monitoring program. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity.

    December 01, 2018
  • Compliance Tools
    FINRA has assembled a list of resources that firms may use to manage their cybersecurity risk. These resources include: news and analysis; effective practices and guidance; and free diagnostic tools...
    October 25, 2016
  • Guidance
    FINRA is conducting an assessment of firms’ approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms’ IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.
    January 01, 2014
  • Compliance Tools

    Overview

    The following tool identifies key cybersecurity risks currently facing small firms and helps them enhance their customer information protection, and cybersecurity written supervisory programs (WSPs) and related controls, including:

  • Compliance Tools
    What should your firm do after it discovers that customers’ accounts have been compromised?
  • Investor Education
    FINRA has observed that bad actors are using sponsored search result ads to impersonate some FINRA member firms’ support centers. When an individual clicks on the ad, instead of being directed to the firm’s page, they’re taken to a fraudulent website. The scammers then attempt to steal funds or personal information from their targets.
  • Investor Education
    In investment-related impersonation schemes, scammers misuse the name of real registered investment professionals or firms to create the appearance of legitimacy. Imposter scams can be difficult to spot unless you know what you’re looking for. Here are patterns to be aware of and tips to help spot the fakes.
  • Investor Education
    The SEC, NASAA and FINRA are jointly issuing this Investor Alert to make investors aware of the increase of investment frauds involving the purported use of artificial intelligence (AI) and other emerging technologies. Bad actors are using the growing popularity and complexity of AI to lure victims into scams. Here are a few things to look out for to help you keep your money safe from these frauds.
  • Investor Education
    If putting all your financial information online in one place sounds like a good idea, there are many companies ready to help you organize your financial life. However, before you share your financial details with data aggregators, it pays to know how these services operate and how to protect yourself from potential privacy and security risks.
  • Investor Education
    FINRA has seen a recent significant spike in investor complaints resulting from recommendations made by fraudulent “investment groups” promoted through social media channels. Complaints describe bad actors, posing as registered investment advisers, who advertise “stock investment groups” on Instagram and other social media channels and then turn to encrypted group chats on WhatsApp to communicate with interested investors and pitch investments.
  • Investor Education
    Pretexting is a tactic that hinges on telling a compelling—but fake—story. Hackers attempt to deceive their targets by establishing a false sense of trust, using a fabricated story, or pretext, to get you to download malware, send money or share sensitive information, to name a few examples. Here are some of ways you might be targeted—and how you can thwart an attempt to coax you into believing a bogus story.
  • Investor Education
    Phishing scams typically involve emails that falsely claim to be from a financial institution, credit card company or other familiar organization or service. Most of these emails attempt to lure you into providing sensitive personal information by requesting that you reply to the email or click on a link that mimics a legitimate website.
  • Investor Education
    Financial institutions have an obligation to safeguard your personal financial information, but you have an important role to play as well. Understanding how customer account takeover incidents and theft of personal financial information might occur and taking steps to minimize your risk can make a difference.
  • Investor Insights
    Online shopping can be a great way to snag deals and comparison shop. But it is not without its perils. Check out these tips to stay safe as you shop.
  • Investor Education
    Use this checklist to safeguard your sensitive information and help keep identity thieves at bay.