Cyber risks and threats continue to evolve and firms are under pressure to meet SEC and FCA expectations for operational resilience as well as their own internal and client expectations for cybersecurity and privacy. Stay current on the latest cybersecurity, privacy, and risk threat and regulatory alerts and build your cybersecurity and privacy knowledge with insights from our cybersecurity and technology risk experts.
Insights and Alerts
September 22, 2021
Our Ransomware 101 blog series addresses multiple aspects of the ransomware issue, including what you should know and what you should do to protect your firm, your clients, and your finances. In part one, we discussed the evolving and growing threat of ransomware. In this article (part two), we’ll provide a framework for what your organization can do to prevent and detect ransomware attacks.
September 15, 2021
A vulnerability has been discovered in Apple products that enables the installation of unauthorized software without the user's permission. The vulnerability is actively used to install Pegasus spyware on devices, allowing user activities to be surveilled by an external party.
September 09, 2021
Microsoft reports a previously unseen “zero-day” attack that uses Office files tainted with specially crafted Active X controls. Once opened, these controls create a vulnerability that enables perpetrators to perform remote code execution.
September 02, 2021
The Personal Information Protection Law of the People's Republic of China is scheduled to go into effect on November 1, 2021. This new law affects all companies and other entities, both inside and outside of China, engaged with personal information about individuals residing in China.
August 31, 2021
ACA’s Spring 2021 Virtual Conference was an opportunity for the regulatory compliance, performance, and cybersecurity community to come together and discuss the many changes of the past year and what the future of GRC looks like moving forward.
- GIPS Standards
- Regulatory Technology
August 31, 2021
The SEC announced that it sanctioned eight firms for failure to establish and implement cybersecurity policies and procedures. These failures resulted in multiple instances of criminal email account takeovers causing personally identifiable information from thousands of customers and clients to be exposed.