
The Wall Street Journal Pro

Cybersecurity

Sponsored by Netscout

SEC Approved Broad New Cyber Rules for Broker-Dealers, Stock Exchanges and Others

By James Rundle

 

Good day. The U.S. Securities and Exchange Commission held a marathon cyber session Wednesday, approving proposals for new rules and amendments to existing regulations that could bring new compliance obligations to a broad swath of market participants. They now go to the public comment phase.

Among the new provisions is a three-part proposal that would force broker-dealers, clearinghouses, stock exchanges and other financial institutions to implement written cybersecurity policies, apply stringent reporting requirements in the event of an attack, and mandate public disclosures.

More on the proposals further down.

Also today: Amazon, Experian fight privacy sanctions to preserve data-based business models, carving paths for more businesses to challenge regulators. Get the full story. 

More news: 

  • U.S. issues TikTok ultimatum
  • Russia steps up cyber espionage, Microsoft says
  • More than 4 million affected in the latest healthcare breach
  • ChipMixer taken down
 

CONTENT FROM OUR SPONSOR: Netscout

Why Protecting the Edge is More Important Than Ever

Edge computing is fast becoming an essential part of our future technology capabilities. But, with greater reliance on the edge comes increased risk from cyberattacks. According to a recent report, the global edge computing market is expected to grow at a compound annual growth rate of 38.9% from 2022 to 2030, reaching nearly $156 billion by 2030.


 

Privacy & Surveillance

Experian last month largely won an appeal against a 2020 decision by the U.K.’s privacy regulator to restrict how the credit-rating company processes data from public sources. PHOTO: PATRICK T. FALLON/BLOOMBERG NEWS

With Business Models in the Balance, Courts Side With Big Companies in Privacy Appeals

European courts have handed wins to Experian PLC, Amazon.com Inc. and Italian energy giant Enel SpA in recent rulings, in some cases striking down multimillion-dollar fines and reaffirming companies’ arguments that their data practices comply with the General Data Protection Regulation.

Companies have appealed GDPR decisions since the expansive privacy law took effect in 2018 in an effort to fight reputational harm and large fines.

Now companies see entire business models at stake.

Read the full story. 

PHOTO: BRYAN VAN DER BEEK/BLOOMBERG NEWS

TikTok ultimatum: The Biden administration is demanding that TikTok’s Chinese owners sell their stakes in the video-sharing app or face a possible U.S. ban of the app, according to people familiar with the matter. The Committee on Foreign Investment in the U.S., or Cfius—a federal task force that oversees national security risks in cross-border investments—made the demand recently, the people said.

  • TikTok CEO Shou Zi Chew (pictured) is slated to appear before a congressional panel next week.
  • “If protecting national security is the objective, divestment doesn’t solve the problem: a change in ownership would not impose any new restrictions on data flows or access,” a TikTok spokeswoman said.

Read the full story.

 

Cyberattacks

PHOTO: MIKHAIL METZEL/TASS/ZUMA PRESS

Russian hackers step up cyber espionage against Ukraine and allies, Microsoft says. Deploying novel strains of malware, Moscow shows renewed commitment to conduct cyberattacks, according to research from Microsoft and other security firms. The findings suggest Russia may be preparing more aggressive and potentially destructive ones to coincide with an expected spring offensive in eastern Ukraine. Read more.

Ransomware attackers penetrated networks at 860 critical infrastructure operators in 2022, according to the FBI's latest annual internet crime report. LockBit, BlackCat and Hive were the most common strains and healthcare was by far the most-attacked sector, followed by manufacturing and government organizations. (Bleeping Computer)

4,226,508

Number of people affected by a data breach at Independent Living Systems LLC, a Miami-based tech provider to Medicare and Medicaid organizations. Personal and insurance data were exposed, as well as medical and treatment information, in a hack in June and July 2022, according to HIPAA Journal.

 
 

NEWSLETTER EXTRA | SEC Seeks Broad New Cyber Rules

The Securities and Exchange Commission on Wednesday approved a number of proposals for new rules and amendments to existing regulations, to toughen cyber defenses at a range of financial institutions.

The proposals, which effectively cover most major market participants aside from the smallest broker-dealers, contain significant new requirements for reporting cyber incidents to the agency and the public.

The SEC also reopened the comment period for proposals covering similar areas for investment-management companies and advisers published in February 2022, allowing an additional 60 days for interested parties to weigh in.

More disclosures: Wednesday’s proposals include rules to require financial companies to develop written cybersecurity processes and review them regularly. Those that suffer a cyberattack would be required to immediately notify the SEC and provide updates as details are uncovered. Companies also must make public disclosures about their cyber risks and previous significant incidents.

Who's affected? Broker-dealers, the Municipal Securities Rulemaking Board, clearing agencies, stock exchanges, data repositories and transfer agents are among the organizations that would have to comply.

“Investors, issuers and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age, and the proposal, if adopted, would help promote every part of our mission, particularly regarding investor protection and orderly markets,” said Gary Gensler, the agency’s chair, before the vote.

Commissioners voted three-to-two to pass the proposal for the new rule, with Hester Peirce and Mark Uyeda, the two Republican commissioners, voting against.

Objection: “I could not help but wonder, as I read through the more than 500 pages that make up this proposal, whether we at the Commission are living up to the proposed standards,” Ms. Peirce said, adding that she believes the SEC should correct cyber issues with existing projects before issuing new rules.

—James Rundle

 

Enforcement

PHOTO: ANDREW KELLY/REUTERS

ChipMixer is shut down. U.S. and European authorities took down cryptocurrency platform ChipMixer and charged its alleged operator, accusing it of laundering more than $3 billion of criminal proceeds, including $700 million allegedly stolen by North Korean hackers. Mixers enable users to commingle their funds to obfuscate ownership. Get the full story. 

 
 

About Us

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle and Catherine Stupp. 

Follow us on Twitter: @knash99, @catstupp and @WSJCyber.

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com. Follow him on Twitter: @Steve_Rosenbush.

 
Copyright 2023 Dow Jones & Company, Inc.   |   All Rights Reserved.