CSA: Communication a key in cybersecurity

Regulators have emphasized the need for firms to alert each other in response to cybersecurity incidents

CSA: Communication a key in cybersecurity
In its recently published Summary of CSA Roundtable on Response to Cyber Security Incidents, the Canadian Securities Administrators (CSA) highlight the need for securities-market stakeholders to inform and cooperate with each other in case of a cybersecurity incident.

“Our discussions highlighted the interconnected nature of the Canadian securities markets ecosystem,” said Louis Morisset, CSA chair and president and CEO of the Autorité des marchés financiers. “There was a clear agreement on the importance of cooperation and information-sharing in responding to a cybersecurity incident and reducing the risk of contagion.”

The participants, who discussed various elements of Incident Response Plans (IRPs) for entities, reportedly relied on existing organizations that deliver intelligence analysis and information-sharing services, as well as informal communication with peers. However, they agreed that more formal communication channels and coordination may be more effective to respond to a market-wide cybersecurity incident.

They also noted the need to test and update IRPs, which include communication and coordination protocols. This includes regular drills and protocol assessments to make sure that they’re robust.

The CSA previously announced that fintech and cybersecurity would be among the major priority areas for compliance requirements this year.

Related stories:
Canadian firms lag in cyber breach detection
2017 compliance priorities announced