Cybersecurity Alert - FINRA Notifies Member Firms of CISA Alert (AA22-110A)
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to highlight an alert issued by the Cybersecurity & Infrastructure Security Agency (CISA) on April 20, 2022. This alert was issued jointly with the cybersecurity authorities of Australia, Canada, New Zealand and the United Kingdom, and it warns organizations about potential malicious cyber activity due to economic sanctions the US and its allies and partners imposed upon Russia.
The CISA alert is divided into two sections. The first section provides an overview of the Russian actors and the state-sponsored organizations thought to be capable of many types of cyber attacks. FINRA draws your attention to the second section of the alert, which outlines many of the controls and effective practices firms should implement to prevent issues, to prepare for cyber attacks and to respond to incidents when they do occur.
- Preventing Cyber Incidents:
  - Prioritize the application of software updates and security patching.
  - Implement strong access management procedures (adding, removing & reviewing access) across all systems, including cloud systems.
  - Enforce multi-factor authentication (MFA).
  - Implement network segmentation to separate network segments based on role and functionality.
  - Provide cybersecurity end-user awareness and training.
- Preparing for Cyber Incidents:
  - Create, maintain, and test an incident response plan. Preserve a hardcopy of the plan.
  - Maintain encrypted and immutable offline backups.
  - Ensure adequate logging and monitoring capabilities in support of incident investigations.
- Responding to Cyber Incidents:
  - Activate and follow your incident response plan.
  - Immediately isolate all infected systems.
  - Engage third-party expertise and report to appropriate law enforcement or regulatory bodies.
The alert outlines many other controls that will help member firms prevent, detect and respond to cybersecurity attacks. For guidance, or if you have questions, please contact your assigned Risk Monitoring Analyst or NCFC’s Cyber Security Group (CSG).