Securities regulators are warning financial firms, issuers, and infrastructure organizations about the rising risk of cybercrime, and advising them to review their security measures.
The Canadian Securities Administrators (CSA) issued a staff notice Thursday calling on dealers, issuers, and other elements of the financial markets to assess their cyber security and, if necessary, take steps to beef up that security. In its notice, the CSA warns that two major types of cyber threat, denial of service (DoS) attacks and advanced persistent threat (APT) attacks, have increased in frequency and sophistication of late.
The CSA says that issuers, registrants, and other regulated entities that have not examined the risks of cybercrime should consider how to deal with it, which may include educating staff; following guidance and best practices from industry associations and information security organizations; and conducting regular third-party vulnerability and security tests and assessments.
Firms that have already taken steps to address the issue should also review their cyber security risk control measures on a regular basis, it says.
The CSA notes that financial firms “should consider whether their risk management systems allow them to manage the risks of cybercrime in accordance with prudent business practices.” It also advises other regulated entities, especially market infrastructure firms, to consider the measures they must take to manage the risks of cybercrime.
The CSA also suggests that issuers consider whether they need to disclose possible cybercrime risks and any controls they have adopted to address those risks.
“The CSA will consider these issues in its reviews of issuer disclosure and in its oversight of registrants and regulated entities,” it says.