SEC Issues Ransomware Alert

The Securities and Exchange Commission’s exam division is warning advisors and broker-dealers to immediately review their cybersecurity controls, as phishing and ransomware attacks are on the rise.

In a just-released risk alert, the agency’s Office of Compliance Inspections and Examinations warns that while recent reports indicate that one or more threat actors have used phishing and ransomware measures to penetrate financial institution networks, OCIE “has observed ransomware attacks impacting service providers to registrants.”

OCIE urged SEC registrants as well as other financial services market participants to monitor the cybersecurity alerts published by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), including the updated alert published on June 30 relating to recent ransomware attacks.

OCIE encouraged registrants to share the updated CISA guidance with their third-party service providers, particularly with those that maintain client assets and records for registrants.

While the CISA alert highlights key mitigation strategies to reduce overall vulnerability, OCIE notes that because there’s no “one size fits all” approach, OCIE provides its own observations to assist market participants on ways to enhance cybersecurity preparedness and operational resiliency.

— Check out How to Bolster Cybersecurity During a Pandemic on ThinkAdvisor.