CYBERSECURITY

Are You Cyber Resilient?

www.sddco.com I [email protected] I (212) 751-4422

Cyber resilience is a firm’s capacity to manage its daily operations after being a victim of a cyber-attack. This concept should be part of your firm’s cybersecurity compliance program. In fact, your entire cybersecurity program should be built on the pillars of cyber resilience.

Businesses today are forced to function in an ever-evolving threat environment in which traditional security practices are simply not enough. Broker-Dealers and RIAs need to shift their focus to a more pragmatic approach and resort to cyber resilience strategies to guarantee continuity.

Why Does Cyber Resilience Matter?

Building a robust ‘fortress’ around your firm is a common practice that is often failing, as threats are constantly adapting. If your employees are targeted through social engineering practices, they are likely to willingly, yet unknowingly, give away your most sensitive information, transfer money to cybercriminals, or provide login credentials.

Cyber-resilient firms should be able to protect themselves, and if the protective measures fail, they should adapt, survive, and learn from these events to successfully stop others in the future.

The number of malware infections and cyberattacks has skyrocketed in recent years. With data breach incidents occurring daily, it’s no longer a matter of if you will suffer one, but when, how often, how you will respond, and how you will recover. SDDco Regulatory Services, LLC (“SDDco-RS”) can help prevent cyber-attacks by providing phishing and penetration tests and other services through our SDDco Cyber platform.

The Cost of a Cyber-Attack

The Ponemon Institute noted that 1 million breached records would translate into losses of roughly $39.4 million for businesses. When using cyber resilient practices, IT security departments quickly detect and mitigate potential threats before they spread, at the same time lowering costs.

The consequences of data breaches and attacks aren’t only to be looked at from a financial standpoint. The implications extend to a broader spectrum, covering reputation damage as well. In terms of reputation, it will be highly challenging to regain your clients and the general public’s trust after a data breach. Eighty percent of consumers in developed nations will abandon a business if their personal information has been leaked in a data breach. Don’t become a statistic.

The first 48 hours following a data security incident are critical. With your firm’s regulatory, continuity, reputation, and future at risk, you can’t afford to be unprepared and non-compliant. SDDco Cyber protects your firm from the devastating effects of an internal data breach by providing essential services to help prevent a hack in the first place.

Cyber Security vs. Cyber Resilience: What’s the Difference?

Simply put, cybersecurity refers to the defensive measures put in place to keep malicious threats from penetrating into your IT systems.

The cyber resilience concept emphasizes the way a firm responds once an attack takes place. An important aspect of cyber resilience is that it implies you can continue your normal business operations despite adversities.

Cybersecurity and cyber resilience should not be perceived as standalone concepts, as they without a doubt overlap and are greatly dependent on each other. Cyber resilience is based on a holistic approach that outweighs cybersecurity.

5 Steps to Create a Complete Cyber Resilience Compliance Program

It’s time for firms to transition from a classical information security approach to one of cyber resilience.

You need to be conscious of the current threat landscape and be able to anticipate future threats. You are also required to have the appropriate processes in place if cyber disaster strikes, so your business is not disrupted and you’re able to recover promptly.

Here are the steps that will pave your way to true cyber resilience:

1. Evaluate Your Environment

Your evaluation should be much more extensive. If you don’t have the proper resources to conduct an in-house analysis, you should outsource your due diligence to a third party. SDDco Cyber can provide the penetration testing and email phishing attempts needed to achieve cyber resilience.

To further evaluate your environment, our SDDco Cyber Quiz is a free, non-technical assessment that will help you evaluate your cybersecurity practices. It is designed to determine your existing firm resilience and to offer a gap analysis for improvement.

Start by asking yourself a few vital questions, such as:

• How vulnerable is your firm to the current threatscape?

• Where is your data stored? Who has access to it?

• Do you update your operating system and software as soon as new patches are available?

• Do you provide cybersecurity training sessions for your employees?

• Are you aware of the existing vulnerabilities in your systems?

• Do you have Penetration Testing programs in place?

2. Develop Your Defense and Prevention Plan

Ensure the defense tools you’re using are proactive rather than reactive. Employ artificial intelligence and automated security software whenever possible. Study threat intelligence reports so you can better understand the cybercriminal business model and stay ahead of threats.

Fundamentals you should include in your protection and prevention plan:

• An Endpoint Detection and Response (EDR) solution

• Firewalls

• Privileged Access Management software

• Encryption software for your stored and transmitted data

• Security software for your mobile devices

• An email security solution

• Strong authentication methods

Having the right means of protecting your environment and avoiding cyberattacks is mandatory when following both the cybersecurity and cyber resiliency philosophies. Some of the common risks you should be prepared against are malware, insider threats, business email compromise (BEC), phishing/social engineering attacks, DDoS (Distributed Denial-of-Service) attacks, and more.

3. Have a Penetration Testing Program in Place

SDDco Cyber will help you discover any cyber weaknesses in your firm by disrupting your IT environment. We provide:

• External penetration testing performed under global open web security testing 4.0 standards.

• Full diagnostic description of exploitation efforts along with vulnerability identifications ranked and profiled including recommended reactive actions. Cybersecurity standards included.

4. Train Your Employees

While it may be simple to have a single person or a team responsible for your cyber security, that will prove to be an inadvisable practice. In a cyber-resilient firm, communication needs to be facilitated across all lines of business. All your employees must be aware of cyber threats and be properly trained and familiar with the cybersecurity best practices. They can often be exploited and allow cyberattacks to take place without their knowledge. You can simulate social engineering campaigns (send your employees phishing emails) and observe their behavior.

Ongoing cybersecurity education is key. Untrained employees can be your biggest threat, while those educated can ultimately prove to be your best defense against intruders. SDDco Cyber offers weekly and monthly data security news, alerts, tips, videos and information for employees and clients.

Cyber resilience is all about approaching information security in a way that encompasses both technology and people.

5. Adapt, Learn, and Predict

Based on what you have learned, make the necessary adjustments in your cyber resilience strategy. Find ways to better address environmental changes and modify systems to reduce future risks.

To demonstrate truly cyber-resilient behavior, your firm must be able to adapt in times of change. Another crucial phase is to learn from past attacks and be able to determine in due time when similar events will take place.

Who Should be Responsible?

Your cyber resilience compliance program should start from the top. First, your key decision-makers need to be in sync with regard to your cyber resilience messaging.

Second, even if everyone is ultimately responsible for sustaining a cyber-resilient culture, business leaders need to be advocates for cyber-resilient practices and ensure that cybersecurity education is an ongoing process.

3 Takeaways for Your Cyber Resilience Strategy

• Cybersecurity is mostly about defense and reaction, while cyber resilience is more about anticipation and continuity.

• Create your IT systems in such a manner that even if attackers manage to break into your environment, your business operations continue without interruptions.

• Choose a proactive approach over a defensive one and advocate for cyber resilience by design.

Start practicing cyber resilience; don’t limit yourself to cybersecurity.

Cyber resilience strategies will truly put digital security at the core of your business. Nurture an environment where the newest and most advanced threats are tackled with proactive defenses. Start using efficient strategies that will keep your firm in a functional state even in times of a cyber disaster.

Challenge the way you think about cybersecurity. Change your mindset to achieve true cyber resilience.

SDDcoGroup Offices

NEW YORK (Headquarters)

485 MADISON AVENUE, FLOOR 15

NEW YORK, NY 10022

(212) 751-4422

MIAMI

BRICKELL CITY CENTRE

78 SW 7TH STREET

MIAMI, FL 33130

BOSTON

WeWork

ONE LINCOLN STREET

BOSTON, MA 02110

www.sddco.com