On July 10, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) released an alert on the growth of the ransomware threat for financial services market participants and on its commitment to providing advisories that help these firms take proactive measures to protect their businesses. Attackers are designing phishing attacks and other social engineering campaigns specifically to target financial services firms and deploy ransomware, a type of malware designed to prevent companies from accessing their network until a ransom is paid. OCIE has reported an increase in the sophistication of these attacks, which target not only investment advisers and broker-dealers but also the service providers to these registrants.
OCIE recommends that market participants follow its advisory in conjunction with the advisories released by the Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA), including an updated alert on recent ransomware attacks published on June 30, 2020.
To enhance cybersecurity protections and preparedness, OCIE recommends implementing the following measures observed within institutional cybersecurity programs:
- Vulnerability Management
- Incident Response Planning & Testing
- Cybersecurity Training & Awareness
- Access Management & Risk Assessment
- Operational Resiliency
Read the full release here.
View the SEC’s Cybersecurity Spotlight webpage here.
View Drawbridge’s Regulatory Readiness webpage containing a library of financial services regulator cybersecurity alerts here.
Drawbridge assists alternative investment managers in delivering institutional cybersecurity software and services to combat ransomware threats and meet the SEC’s requirements. Contact firstname.lastname@example.org for more information.