US regulators are calling attention to financial firms’ obligations to protect against evolving cybersecurity threats.

On October 2, 2019, the Financial Industry Regulatory Authority (FINRA) issued an information notice to members warning of a growing cybersecurity threat: cloud-based email account takeovers (ATOs). These ATOs are a form of account compromise or takeover that specifically targets cloud-based email platforms.

According to FINRA, the risk of ATO attacks has escalated dramatically in the past year, particularly for financial services firms. FINRA — which did not cover ATOs in its December 2018 Report on Selected Cybersecurity Practices — 2018 — noted in the new ATO alert that several member firms have reported ATO breaches in the past six months. In the alert, FINRA provided extensive information on the methods cybercriminals use to execute ATO attacks and, importantly, how to detect, prevent, and respond to such attacks if they occur.