Phillip Capital Incorporated (PCI)

Phillip Capital Inc. is a dealer and the dealer on the future commission who is a part of PhillipCapital Group which is based in Singapore since 1975. Provides access to all large Asian exchanges and the global exchanges through network of PhillipCapital companies.

History

2019: A fine of $1.5 million for non-execution of industry standards on confidential data protection

On September 18, 2019 the company Zecurion reported that Chicago the company on to trade securities was fined 1.5 million US dollars for non-execution of industry standards on to protection confidential data. According to experts of Zecurion, the lack of organizational measures became the cause of the incident data protection.

Commodity futures trading commission of the USA (CFTC) made investigation concerning Phillip Capital Incorporated (PCI) and came to a conclusion that the company did not take sufficient measures for control of the employees and ensuring protection of internal data.

As the commission claims, non-compliance with measures by the company for ensuring cyber security became the reason of large date leak in 2018 as a result of which malefactors managed to steal about 1 million US dollars at clients of PCI. Then, one of system administrators of the company fell a victim of a phishing.

Also, the federal commission in the statement criticized PCI for the fact that the company too late announced the clients cracking and did not manage to react to an incident quickly. In addition to the requirement to compensate to clients 1 million dollars of kidnapped persons of means, the commission in addition fined PCI 500,000 dollars "for negligent attitude to security and assumption of a possibility of an incident". Thus, net loss of the company from date leak made 1.5 million US dollars.

According to the head of analytical center Zecurion Vladimir Ulyanov, it is not enough to prevent similar incidents technical measures alone, from the companies also organizational actions for employees are necessary.

So far as concerns cyber security, it is important to remember that it is always a package of measures, both technical, and organizational. It is Let's say very good if the company uses the DLP solution for information loss prevention in the IT infrastructure. But without explanatory work among employees, the risk of emergence of similar situations will always be high. It is necessary to train personnel how to distinguish phishing techniques, to resist to manipulations of "social engineering", etc. It is warned – means it is armed. Therefore it is very correct that responsibility for such incidents, first of all, lies on the company, explained Ulyanov

In spite of the fact that investigation of CFTC on this incident is already finished, the commission is going and to watch closely further observance of regulations of information security by the companies dealers securities. The order published by CFTC also demands from PCI of providing to the commission of reports on the taken measures for correction of a situation.