HalcyonFT Quarterly Newsletter - Q4 2024 - Updates and Recommendations
Season’s Greetings! As 2024 draws to a close, the entire HalcyonFT team wishes you a very happy holiday season. And as we gather with family and friends, we remain committed to keeping you abreast of the latest developments in IT and their implications for your business. Please read on to learn more.
In this issue:
Quantum Computers and Encryption
The EU’s Digital Operational Resilience Act
Microsoft Ignite 2024
SEC Examination Priorities for 2025
HalcyonFT’s New Look
Happy Holidays
Quantum Computers and Encryption
Chinese scientists have demonstrated the use of a quantum computer to break RSA encryption with a small key, raising critical questions about the future of cryptographic methods that have long been considered secure.
The research, published in May by Shanghai University, was limited to a 22-bit RSA integer key, so this achievement does not pose an immediate threat to current encryption standards, which typically use much larger key sizes (e.g., 2,048-bit or 4,096-bit). These larger keys remain secure against current quantum capabilities. For context, it is estimated that breaking a 2,048-bit key would require 20 million qubits operating for about eight hours. Given that Google's new Willow quantum chip has only 105 qubits, breaking the larger keys is not feasible.
This raises the question of whether and when Bitcoin’s SHA-256-based cryptography could be broken by quantum technology. One estimate projects a 50% chance that this will happen when quantum computing is available with 2,500 qubits, a milestone that could be reached in the next 5–10 years.
As quantum computing technology continues to evolve, we are closely monitoring these advancements and evaluating their potential implications for your business so that we can stay ahead of potential threats and secure your data.
For more information, please read these articles in Forbes, CSO, Ars Technica, and The Block.
The EU’s Digital Operational Resilience Act
On January 17, 2025, the Digital Operational Resilience Act (“DORA”) will come into force, requiring that EU financial institutions adopt robust measures to withstand, respond to, and recover from various disruptions and threats to digital operations.
Under DORA, financial institutions operating in the EU must implement comprehensive risk management frameworks, including continuous monitoring and oversight of their information and communication technology (ICT) service providers. This regulation emphasizes third-party risk management and the need to protect customer data and maintain operational resilience.
All financial services firms with EU operations will need to comply with DORA, regardless of where the firm is located.
DORA aims to improve the resilience of the financial sector by promoting proactive management of ICT-related risks and ensuring that institutions are prepared to handle potential disruptions. Key aspects of DORA include the following:
Risk Management: Financial institutions must develop and maintain robust risk management strategies to identify, assess, and mitigate ICT-related risks.
Continuous Monitoring: Financial institutions must continuously monitor their ICT systems and service providers to ensure compliance and resilience.
Incident Reporting: Financial institutions must report ICT-related incidents to the authorities in a timely manner.
Third-Party Oversight: Financial institutions must ensure that their third-party service providers meet the standards for operational resilience and data protection.
Please reach out to your HalcyonFT contact for additional information or review these EU-provided DORA resources.
Microsoft Ignite 2024
Microsoft’s annual conference for developers, IT professionals, and partners included many announcements and updates on Copilot, AI, and cybersecurity, among other topics.
Microsoft 365 Copilot
Microsoft’s AI-powered personal digital assistant integrates with Microsoft 365 applications to help users be more productive and efficient. Copilot can now automate everyday tasks with simple, fill-in-the-blank prompts that create workflow automation, such as automatically receiving a summary of daily action items or creating weekly newsletters to gather team input. Within Microsoft Teams, Copilot can understand, recap, and answer questions based on shared visual content, and it can quickly summarize files shared in a chat. Within Outlook, Copilot allows users to create themes to customize their experience. Microsoft is now pursuing additional Copilot integrations with OneNote, Forms, OneDrive and more. To get the most out of Copilot and learn more about powerful prompts, contact us or visit the Copilot Prompt Gallery.
AI Agents
New AI-powered applications can interact with users, perform tasks, answer questions, and automate processes. Microsoft aims to help developers create AI Agents that essentially act as a coworker able to schedule meetings, search for information, provide summaries, and complete simple tasks. Microsoft is updating Copilot Studio, Azure AI Agent Service, Azure AI Foundry, and other tools to accelerate the scale of AI Agents.
Cybersecurity
Microsoft announced several improvements to key security applications based on zero-trust principles. Product updates include LLM-backed phishing detections in Defender for Office 365, identity-centric zero-trust architecture with Microsoft Entra Private Access, and expanded Threat Intelligence Platform capabilities in Microsoft Sentinel. Some of these updates are not relevant to all HalcyonFT clients, but we’ll review and test them as they are released, letting you know which ones are most advantageous for your business.
Most of the features announced at Microsoft Ignite 2024 are in preview, with expected rollout in 2025, depending on official release dates and your firm’s feature update cadence. For more information, please visit Microsoft Ignite 2024 Wrap-up: Highlights and Resources.
SEC Examination Priorities for 2025
The U.S. Securities and Exchange Commission (SEC) Division of Examinations has announced its priorities for FY 2025. The SEC continues to prioritize cybersecurity and operational resiliency to safeguard investor information and ensure the continuity of critical services. The SEC is also focusing on the use of emerging technologies in the financial sector.
Information Security and Operational Resiliency
Cybersecurity Policies and Procedures: To prevent interruptions to mission-critical services and protect investor information, records, and assets, the SEC will examine firms’ cybersecurity policies and procedures, governance practices, data loss prevention, access controls, account management, and cyber-attack incident responses.
Operational Resilience: The SEC will emphasize the need for robust operational resilience plans to handle potential disruptions and maintain the continuity of critical services.
Regulation Systems Compliance and Integrity (SCI): SCI entities must establish, maintain, and enforce written policies and procedures reasonably designed to ensure their systems’ capacity, integrity, resiliency, availability, and security.
Regulation S-ID and S-P: The SEC will focus on policies and procedures as they pertain to safeguarding customer records and information at firms providing electronic investment services, including compliance with identity theft and privacy regulations.
Emerging Financial Technologies
Automated Investment Tools and AI: The SEC will examine the use of AI and digital engagement practices, such as digital investment advisory services, recommendations, and related tools and methods, ensuring that representations are accurate and controls are in place.
We strongly encourage you to refer to the SEC’s FY 2025 Examination Priorities and review your compliance and risk management frameworks. HalcyonFT stands ready to assist you in navigating these evolving regulatory landscapes.
HalcyonFT’s New Look
HalcyonFT is thrilled to announce the launch of our new company brand and website.
For the past six months, we’ve been busy reevaluating our brand. We felt that HalcyonFT’s visual identity deserved an update, given our significant growth over the past 15 years.
Our new logo is modern, versatile, and designed to resonate with our clients in the financial services industry. The colors reflect our energy and innovation. We wanted our identity to succinctly communicate the foundational qualities of our brand: cutting edge, dependable, and best in class.
Our redesigned website incorporates our new brand and improves the user experience with a streamlined layout and functionality. Please take a look. We would love to hear what you think of it!
Happy Holidays!
From all of us at HalcyonFT, we wish you a joyous holiday season filled with warmth, laughter, and cherished moments with loved ones. Thank you for your continued trust and partnership. We look forward to serving you in the New Year!
— Your HalcyonFT Team