Page 61 - Futures and Derivatives Industry Regulatory Updates (February 2025 Issue)
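a cybersecurity framework applicable to the whole industry, and to provide guidance for licensed corporations to better manage cybersecurity risks.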
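Notes:
1. End-of-life software refers to software that has reached the end of its service life, for which the vendor has ceased to provide support, and for which no updated security patches or fixes are available.
2. For details, please refer to the "Circular to Licensed Corporations, SFC-licensed Virtual Asset Service Providers and Associated Entities: Cybersecurity Webinar".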
SFC Flags Cybersecurity Incidents Involving Licensed Firms and Resulting
Business Disruptions in Thematic Review Report (2025/2/6)
The Securities and Futures Commission (SFC) noted that material cybersecurity
incidents in recent years involving cyberattacks against licensed corporations (LC)
had resulted in significant business disruptions or hacking of client accounts.
Issued today, the SFC’s Report on the 2023/24 Thematic Cybersecurity Review
of Licensed Corporations (Report) noted eight incidents of material cybersecurity
breach reported to the SFC between 2021 and 2024. In some incidents, fraudsters
conducted unauthorised trades in clients’ accounts after gaining control of them by
infiltrating the LCs’ networks through network security loopholes. The use of
end-of-life software and weak algorithms for encrypting client data are some of the
common weaknesses identified in these incidents (Note 1).
Such vulnerabilities indicate the LCs’ insufficient senior management oversight
and inadequate controls on cybersecurity measures.
In addition, to address the emerging cybersecurity risks, the SFC has set out in
the Report the standard of conduct expected of LCs in relation to phishing detection and
prevention, end-of-life software management, remote access, third-party IT service
providers management and cloud security.