Cyber Winter is Here, and Coming to Regulation: The New York Rules and the Future of Cybersecurity Regulation

From: Lexology

Jon Neiditz and Julie C. Grundman | Kilpatrick Townsend & Stockton LLP

DoD Issues Further Guidance on Implementation of DFARS Cyber Rule

From: Lexology

Susan B. Cassidy and Calvin Cohen | Covington & Burling LLP

Senate Committee Grills SEC Chair Jay Clayton On Cybersecurity

From: Wealth Management

“How can you expect companies to do the right thing when your agency has not?” U.S. Sen. Sherrod Brown asked.

Michael Thrasher


But much of the testimony was dedicated to cybersecurity and Clayton’s Sept. 20 statement that the agency’s EDGAR system was subject to a breach in 2016—perhaps in anticipation of the committee’s interest in the subject, which monopolized much of the question-and-answer session.

The reveal by the SEC came on the heels of one of the worst cybersecurity breaches in U.S. history, when Equifax announced earlier in the month that hackers exploited an outdated system and were able to obtain names, Social Security numbers, birth dates, addresses and other information about 143 million Americans.

Study outlines deficiencies among investment advisors related to cybersecurity

From: Financial Regulation News

By Dave Kovaleski

An analysis of registered investment advisors by the North American Securities Administrators Association (NASAA) found 698 deficiencies relating to cybersecurity.

Among the deficiencies state examiners found were no or inadequate cybersecurity insurance, no testing of cybersecurity vulnerability, lack of procedures regarding securing or limiting access to devices, no technology specialist or consultant, and a lack of procedures regarding hardware and software updates or upgrades.

Read Complete Article


Impacts of SEC’s exposed financial data: An interview on cybersecurity with Alex Heid

From: LeapRate


The recent incident with the SEC EDGAR web application involved unauthorized individuals gaining access to information before the public, and then profiting from pre-arraged trades using information that had been gleaned.

Attackers were most likely able to take advantage of a web application vulnerability that allowed them to see information that was not yet public, and had either registered their own account on the platform or taken over a pre-existing account to achieve the appearance of legitimate access to the system.

Read Complete Article